1 Oct
2016
1 Oct
'16
4:11 p.m.
confusion around an UMA client vs. an OAuth client...
I find the term "UMA Client" particularly confusing, because the RS is also an OAuth2 client when it obtains a PAT.
* trust elevation vs. claims gathering (interactive exclusively?)
To me, trust elevation implies increased level of assurance about the identity (i.e. just the subject identifier). While additional claims can increase your trust, and perhaps each claim can carry it's own assurance, I think seperating identity from claims would be more clear.