I suggest UMA approach #wideeco in order: (1) Delegation > (2) Notification > (3) Authorization

My reasoning is that #wideeco is primarily a multiple-portals problem. This can only be solved by delegating the UX to a single point of contact regardless of the nature of the resource and resource server. The ability to delegate any RS to the same AS means that there should be no barrier to the choice of AS and no limitation on the capability of that AS to provide a good user experience for the notification and authorization tasks that follow the RS-AS linkage.

I consider Notification to be next in importance and also essential to user-managed access. In many real-world cases where I have limited control over how a resource is used, I still expect notification of how the resource is used. Notification also provides a potentially valuable service to the RS from a security and trust perspective even if no authorization interaction is expected. UMA's notification capability needs to be broadly applicable for all sorts of relationships with services and Things in the #wideeco.

Finally, we get to authorization. Here, I expect support for localized interactions with mobile clients and resources that may not be able to reach the Internet and support for all sorts of identity providers for Bob and Bob's verified attributes. I also expect that my authorization and delegation policies will be opaque to the RS so that I can have a consistent UX across all kinds of resources and situations.

Adrian

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/