As client C used by RqP Bob, want to be able to request access to a set of Alice's resources directly from Alice's AS on Bob's behalf without knowledge of their location, because I don't have to retrieve the locations first.
As a RO, I want to manage my resources independently of each individual RS (UMA core prop)
As an AS, I want to decouple the consent management UX from the authorization services,
As a RO, I need a personally controlled user-agent (UMA Wallet) to manage my key material, in order to maintain personal-agency in ecosystems
As a RO, I want to authorize a "UMA Wallet" to manage RS resources, so that I have a single view into my available RS's and Resources
As a RS, I need Alice to authenticate in order to determine which resources she can manage, in order to ensure appropriate management access
As a RS, I need Alice to establish credentials (pub key), so that I can trust externally asserted policy was issued with Alice
AS a RS, I need to trust delegations signed by Alice's key, so that Alice can allow Bob (other keys...) or <<claims gathering condition>> to access her resources
As a RS, I may delegate resource management user experience, so that I can focus of my core service to the RO
As an RS, I need to know which AS(s) Alice wants to use, in order to delegate access control (uma core)
As an AS, I want to delegate RqP identification to a UMA Wallet, so that
- a RqP can choose their private key and consent management provider
- I can avoid directly holding or seeing a users personal details
Best,
- Alec