Hello,

I have a use case where resources from a UMA protected resource server don't require issuance of permission tickets. There is no need for RO approval nor a claims gathering flow, just a check of whether a requesting party is allowed or not to access the resource.

I was wondering if I could enable an RS to act as a broker in a way that it could exchange the token the client has for an RPT and then return the RPT to the client. Subsequent requests from the client will then use the RPT returned by the RS to access protected resources.

With this scenario I'm looking for:

* Avoid unnecessary round trips between clients and the AS in order to obtain an RPT when a permission ticket is not necessary.

* Allow the RS to push additional claims to the AS with runtime/contextual data and evaluate policies based on these claims.

Any thoughts?

Regards.
Pedro Igor