I have been studying OAuth 2.0 and UMA for a little while now. However, I have a lot of confusion regarding UMA. Please bear with me if I sound naive in my following questions:
1. In UMA’s delegation protocol, the first step is: user registers host to Authorization Manager (AM). The term “user” is EXTREMELY confusing, because this “user” supposedly establishes trust between a HOST and AM. Is this “user” an end-user or some sort of administrator? Let’s say an end-user owns some data in FACEBOOK (i.e. HOST). Now, will this “user” be allowed to establish a trust relationship between FACEBOOK and an AM? Common sense dictates this shouldn’t be the case due to security concerns. So, my question is: is this “user” an end-user or some sort of system administrator of the HOST?
2. In case the “user” is a system administrator, how does UMA realize dynamic (runtime) introduction of services?
3. Is OAuth 2.0 only for RESTful web services? Or can it be used with any simple HTML-based web sites?