https://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-03.html
I've been working on great detailed comments from Cigdem and Mike (thanks!) and other mostly editorial stuff, and managed to implement 98% of the big section refactoring I've been talking about for a while (flatten-consolidate-shorten). Please try and give these a read-through.
Questions:
- I'm starting to believe that the "authorization interface" is actually properly the "UMA grant", tip to toe. In one place I actually did call it that. True?
- I added a precondition/assumption that the client needs to use the client credentials grant to get an access token to use in the header when it makes a call to the token endpoint to get an RPT. Is my understanding correct? We didn't say anything about this before.
- We have "five definitive errors" that end the authorization process. But is there anything that should happen to make this truly definitive? Should permission tickets expire, or what?
- I've got a couple of other Table of Contents nerd questions that I'd love to pore over with others similarly inclined in a quick session before our Thursday session. Self-identify and I'll find you.
Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl