It might be helpful to consider this from an identity perspective, as I've had to do in order to propose a globally unique patient ID solution.

My proposal registers for Johnny, at birth, a personal domain and an associated email address for life along with email forwarding for life. At birth, the registrar is chosen and controlled by mom Alice, and the forwarding address that Alice controls obviously points to Alice's notification endpoints. At some point, control of the registrar and the domain shifts to Johnny. That shift is controlled by the registrar, of course, and could be based on input from Alice or a court order from Gov.

I see UMA from a similar perspective. At birth, Alice can choose to share her AS with Johnny or to buy Johnny his own AS that she controls. The choice will be transparent to Johnny's RSs just like the choice of registrar for Johnny's personal ID is transparent. If Alice chooses to use her AS for one of Johnny's RSs, then, at some point later when Johnny has a different AS, the RS will be asked to point to a different AS either by Alice or by a court order from Gov.

As far as the RS is concerned, the relationship between Alice and Johnny or Gov and Alice is completely abstracted out by UMA. The only thing that matters to the RS is who specifies the AS for a particular protected resource. Who controls the AS (be it Alice, Susie, Johnny, or Gov) is completely irrelevant to the RS. This delegation is the beauty of UMA.

Adrian


On Fri, Apr 8, 2016 at 11:01 AM, Eve Maler <eve@xmlgrrl.com> wrote:






--

Adrian Gropper MD
