From: Pedro Igor Silva <psilva@redhat.com> Subject: Re: [WG-UMA] Keycloak support for UMA 2.0 Yes, that is what I meant. One of the use cases we have is that RS may fetch claims from external services, current HTTP request, etc, in order to push them along with a permission request. You are not forced to do this though.

Pedro, The RS can call whatever API's it wants before returning the permission ticket to the client. So this is just an optimization. IMHO, you could propose an extension, but I certainly wouldn't want to see any changes to the existing UMA specs that would hinder interoping the standard we already have. - Mike ------------------------ Michael Schwartz Gluu Founder / CEO mike@gluu.org https://www.linkedin.com/in/nynymike/