Mark L and I were IMing a couple of weeks back, discussing some of the things that could constitute "consent instructions" in UMA. I ended up typing out what I thought of as what Alice (y'know, the resource owner or her proxy/guardian/agent :-) wants some RS operator "X" to do on her behalf in "plain English": - Form an agreement with me and my AS operator "Y" to put some set of resources managed by me under the protection of that AS - I might or might not have had a choice about which AS I use, or which AS operators this RS operator will work with. But once we make this agreement, any of my resources that get registered for central protection do have to be under "Y"'s protection for realsies -- and I'm going to be telling "Y" how to protect the resources so they know what to put in the token that the RS eventually gets. - Within normal UMA operations, in the general case, have the RS do what the token from "Y" says to do when a client seeks access -- that is, give access when it says to and deny access when it says to, on the basis of what the client was attempting to do - Within normal UMA operations, in *limited* circumstances (tbd to be enumerated by us if possible, with model clause support????), enable the RS to deviate -- that is, to give access when the RPT says to deny access and to deny access when the RPT says to give access - Possibly requiring the RS to send a notification message somewhere (tbd????) - Outside normal UMA operations, in *limited* circumstances (tbd to be enumerated by us if possible, with model clause support????), enable the RS to give access on request - Possibly requiring the RS to send a notification message somewhere (tbd????) This is pretty much what I as a human being would expect UMA to "mean" wrt a RSO, giving them just enough of an "out" in case they have to live up to laws in their jurisdiction etc. Is this helpful in the spirit of having both Creative Commons human-readable and lawyer-readable text? :-) Should I keep going and write a brute-force list for what the RO/ASO relationship should "mean" and so on? *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl