Possible to audit host's compliance in giving access based on a legitimate active permission from the AM? #24
Labels
core
Related to (original UMA1) core spec scope; may use obsolete language
extension
Idea that may be suitable for an extension spec or UMA Request For Enhancement
ROctrl
Related to enabling the RO to exert/retain control over resource access
RSctrl
Related to enabling the RS to exert/retain control over resource access
shoebox
Related to consent/personal data receipt API ideas
trust
Business-legal-technical (BLT) trust
Currently, the AM is not fully a "policy decision point" and the host is not merely a "policy enforcement point" because the AM tells the host what the active permissions are, and the host makes a judgment about whether one of them matches what the requester is trying to do. The AM must trust (read: is vulnerable to) a host that chooses to give access in a manner that doesn't match what the AM tells it.
We could get some measure of auditing / non-repudiation if we give the host the option (or require it) to tell the AM what type of permission it's actually looking for when it asks for token status. There are a few ways to do this:
This issue affects Sections 3.1.5 and 3.3. It also may affect the Trust Model if we strength the amount of "technical trust" the AM operator can have in the host operator around this.
The text was updated successfully, but these errors were encountered: