Thanks, Justin. I guess I should have worded my question differently. Evolve to include UMA, not transition, would be better. The use cases are definitely different. The client is just getting to know UMA’s existence but is open to looking into it. I was
curious if there are any existing diagrams of an enterprise that is evolving so I don’t have to reinvent diagrams.
But your answer of coexistence tells me I should just be brave to add to their diagrams. Thanks.
Why would you transition? UMA is not “OAuth++”, it’s a different protocol that uses OAuth to do its job. It doesn’t solve the OAuth use case particularly smoothly, so if you’re doing OAuth and that fits, then keep doing that. If you have use cases that can
be addressed by UMA (cross-domain authorization servers, user-supplied authorization servers, and user-to-user delegation), then you can build an UMA system alongside the OAuth system. But it doesn’t (and shouldn’t) replace it.
— Justin