What you say about the RS not caring about AS/RO (Grantor) interactions is pretty much true. It's also unfortunately irrelevant to the point I'm trying to make about our Grantor and Resource Subject definitions up at the legal model clause level. :-)That is, we seem to have reason to care for our purposes about correctly referring to a Person as the Grantor even if they are not the Resource Subject, and about satisfying ourselves as to whether we can successfully solve both technical and legal versions of the use cases presented in the slide deck. While the technical pattern looks suspiciously similar each time (and as you point out the RS in particular can be blissfully unaware of any changes), it's the legal pattern that changes interestingly. The ASO ends up dealing with different parties, and the AS, in fact, ends up interacting with different digital identities.If people can take a look at the use cases and patterns with this in mind, and see if I missed anything or raise any questions, that would be great.(And it seems it's time to switch from Requesting Party to Grantee in our definitions -- yay!)Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrlOn Fri, Apr 8, 2016 at 9:32 AM, Adrian Gropper <agropper@healthurl.com> wrote:It might be helpful to consider this from an identity perspective as I've had to do in order to propose a globally unique patient ID solution.I see UMA from a similar perspective. At birth, Alice can choose to share her AS with Johnny or to buy Johnny his own AS that she controls. The choice will be transparent to Johnny's RSs just like the choice of registrar for Johnny's personal ID is transparent. If Alice chooses to use her AS for one of Johnny's RSs, then, at some point later when Johnny has a different AS, the RS will be asked to point to a different AS either by Alice or by a court order from Gov.
My proposal registers for Johnny, at birth, a personal domain and an associated email address for life along with email forwarding for life. At birth, the registrar is chosen and controlled by mom Alice and the forwarding address that Alice controls obviously points to Alice's notification endpoints. At some point, control of the registrar and the domain shift to Johnny. That shift is controlled by the registrar, of course, and could be based on input from Alice or a court order from Gov.As far as the RS is concerned, the relationship between Alice and Johnny or Gov and Alice is completely abstracted out by UMA. The only thing that matters to the RS is who specifies the AS for a particular protected resource. Who controls the AS (be it Alice, Susie, Johnny, or Gov) is completely irrelevant to the RS. This delegation is the beauty of UMA.AdrianOn Fri, Apr 8, 2016 at 11:01 AM, Eve Maler <eve@xmlgrrl.com> wrote:
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/