Set Math for UMA Authorization Assessment
Let define a superset 𝑺 of all possible assignable scopes to protected resources in a UMA context.
Let 𝑠 an element of 𝑺 (𝑠 ∈ 𝑺).
Let define the following subsets of 𝑺:
𝐴 = ClientRegistered = {𝑠, scopes registered at AS by the Client , s.t. 𝑠 ∈ 𝑺}, A ⊆ 𝑺;
𝐵 = ClientRequested = {𝑠, scopes requested at Resource Server by the Client. s.t. 𝑠 ∈ 𝑺}, 𝐵 ⊆ 𝑺;
𝐶 = PermissionTicket = {𝑠, scopes recently used by the Client, s.t. 𝑠 ∈ 𝑺 }, 𝐶 ⊆ 𝑺;
𝐷 = ResourceRegisteredScopes = {𝑠, scopes registered with a protected Resource at AS by the RO, s.t. 𝑠 ∈ 𝑺}, 𝐷 ⊆ 𝑺;
Calculate the RequestedScopes (𝑬 ) set as following:
𝑬 = RequestedScopes = PermissionTicket ⋃ (ClientRegistered ⋂ ClientRequested);
𝑬 = 𝐶 ⋃ (𝐴 ⋂ 𝐵);
Let define SatisfiedPolicyCondition (𝑭 ) as the set all the scopes for which the client satisfies the policy condition related to.
𝑭 = SatisfiedPolicyCondition = {𝑠 ⇔ Client satisfies policy condition ∀ 𝑠 ∈ 𝑫};
Calculate the CandidateGrantedScopes (𝑮) set as following:
𝑮 = CandidateGrantedScopes = RequestedScopes ⋂ SatisfiedPolicyCondition;
𝑮 = 𝑬 ⋂ 𝑭;