Confusion with the UMA protocol


This topic has 0 replies, 1 voice, and was last updated 5 years, 9 months ago by anis_huq.

  • Author
  • #13698

    Hi friends,
    I have been studying OAuth 2.0 and UMA for a little while now. However, I have a lot of confusion regarding UMA. Please bear with me if I sound naive in my following questions:

    1. In UMA’s delegation protocol, the first step is: user registers host to Authorization Manager (AM). The term “user” is EXTREMELY confusing, because this “user” supposedly establishes trust between a HOST and AM. Is this “user” an end-user or some sort of administrator? Let’s say an end-user owns some data in FACEBOOK (i.e. HOST). Now, will this “user” be allowed to establish a trust relationship between FACEBOOK and an AM? Common sense dictates this shouldn’t be the case due to security concerns. So, my question is, is this “user” an end-user or some sort of system administrator of the HOST?

    2. In case the “user” is a system administrator, how does UMA realize dynamic (runtime) introduction of services?

    3. Is OAuth 2.0 only for RESTful web services? Or can it be used with any simple HTML-based web sites?

    Hope to hear from you soon.
