This issue is a follow-up to a discussion started on the WG-UMA mailing list about use cases where the RS is protecting its own resources and privacy is not really a concern. For these use cases there is an assumption that every single protected resource has the RS itself as RO.
This assumption highlights some important points that should be considered on how to address such use cases using UMA given that:
Another important consideration to be made is that both RS and AS are colocated. In some cases, even the client could be within the same realm or security domain as RS and AS.
Considering all that, this issue aims to bring to discussion some sort of extension that could help address such use cases while still using most of UMA constructs and definitions.
I'm glad to come up with some suggestions about how to address some of the issues pointed out here if you think that what has been said so far makes sense and is worth investing some time in.
It would be nice to come up with something that could leverage UMA and support use cases other than those related to privacy. Nowadays, there is a lot of demand for protecting microservices or even resources in a monolithic application, where token-based authentication is becoming a very attractive solution for those looking not only for authentication but, especially, authorization.