Overview#Federated Authorization for UMA 2.0 (UMAFedAuthz) defines a means for a UMA-enabled Authorization Server and Resource Server to be loosely coupled, or federated, in a Resource Owner context.
Federated Authorization for UMA 2.0 is designed for use with HTTP (RFC 2616), and for interoperability and security among loosely coupled services and applications operated by independent parties in independent domains. The use of UMA over any protocol other than HTTP is undefined; for such uses, it is RECOMMENDED to define profiles or extensions to achieve interoperability among independent implementations (see Section 4 of UMAGrant).
As defined in UMAGrant, the Resource Owner, here the entity authorizing Protection API Token issuance, MAY be an End-User (a natural person) or a non-human entity treated as a person for limited legal purposes (a Legal Person), such as a corporation. A Protection API Token is unique to the combination of a Resource Owner, the Resource Server used to manage that owner's resources, and the Authorization Server used to protect them. Issuance of the Protection API Token represents the Resource Owner's authorization for the Resource Server to use that Authorization Server to protect those resources.
Different Grant Types for Protection API Token issuance may be appropriate for different types of Resource Owner: the Client Credentials Grant is useful when an organization acts as the Resource Owner, whereas an interactive grant type (such as the Authorization Code Grant) is typically more appropriate for capturing the approval of an End-User Resource Owner. Where an Identity Token is desired in addition to an Access Token, it is RECOMMENDED to use OpenID.Core as well.
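The two issuance paths above, worked through as an added example that is not taken from the UMA specification or from any product: an in-memory Python stand-in for an Authorization Server token endpoint issues a Protection API Token to a Resource Server either via the Client Credentials Grant (the organization registered behind the Resource Server's client is the Resource Owner) or via the Authorization Code Grant (an End-User approved at the Authorization Server), records the (Resource Owner, Resource Server, Authorization Server) binding that makes each PAT unique, and shows the Resource Server-side check that the token carries the uma_protection scope that the Federated Authorization spec requires of a PAT. The client identifiers, secrets, the AS URL, "Acme Corp" and "alice" are constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# The scope that makes an OAuth access token a Protection API Token (UMA FedAuthz).
PAT_SCOPE = "uma_protection"
# Scopes this stand-in AS will grant; "openid" is only there to show a non-PAT token.
GRANTABLE_SCOPES = {PAT_SCOPE, "openid"}


class AuthorizationServer:
    """In-memory stand-in for a UMA Authorization Server's token endpoint (constructed)."""

    def __init__(self, issuer):
        self.issuer = issuer
        self.clients = {}   # client_id -> (client_secret, Legal Person owning the RS, or None)
        self.codes = {}     # authorization code -> (client_id, End-User subject who approved)
        self.pats = {}      # PAT -> (Resource Owner, Resource Server, Authorization Server)

    def register_client(self, client_id, client_secret, legal_person=None):
        self.clients[client_id] = (client_secret, legal_person)

    def grant_code(self, client_id, subject):
        # Stands in for the interactive step where the End-User approves at the AS.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, subject)
        return code

    def binding(self, token):
        return self.pats.get(token)

    def token(self, form_body):
        """Handle a token request; returns (HTTP status, JSON response dict)."""
        p = {k: v[0] for k, v in parse_qs(form_body).items()}
        entry = self.clients.get(p.get("client_id", ""))
        if entry is None or not hmac.compare_digest(entry[0], p.get("client_secret", "")):
            return 401, {"error": "invalid_client"}
        _, legal_person = entry
        grant = p.get("grant_type")
        if grant == "client_credentials":
            # An organization (Legal Person) is the Resource Owner: its own client
            # registration is the authorization, so no human interaction is needed.
            if legal_person is None:
                return 400, {"error": "unauthorized_client"}
            owner = legal_person
        elif grant == "authorization_code":
            # An End-User is the Resource Owner: the code carries their approval and is
            # single-use and bound to the client that obtained it.
            issued = self.codes.pop(p.get("code", ""), None)
            if issued is None or issued[0] != p["client_id"]:
                return 400, {"error": "invalid_grant"}
            owner = issued[1]
        else:
            return 400, {"error": "unsupported_grant_type"}
        granted = set(p.get("scope", "").split()) & GRANTABLE_SCOPES
        if not granted:
            return 400, {"error": "invalid_scope"}
        tok = secrets.token_urlsafe(24)
        if PAT_SCOPE in granted:
            self.pats[tok] = {"resource_owner": owner,
                              "resource_server": p["client_id"],
                              "authorization_server": self.issuer}
        return 200, {"access_token": tok, "token_type": "Bearer",
                     "scope": " ".join(sorted(granted))}


def pat_request(client_id, client_secret, grant_type, **extra):
    """Resource Server side: the form body POSTed to the AS token endpoint."""
    body = {"grant_type": grant_type, "client_id": client_id,
            "client_secret": client_secret, "scope": PAT_SCOPE}
    body.update(extra)
    return urlencode(body)


def accept_pat(status, response):
    """Resource Server side: keep the token only if it is usable as a PAT."""
    if status != 200 or response.get("token_type", "").lower() != "bearer":
        return None
    if PAT_SCOPE not in response.get("scope", "").split():
        return None   # an ordinary access token, not a PAT
    return response["access_token"]


def demo():
    az = AuthorizationServer("https://as.example")                           # assumed AS identifier
    az.register_client("rs-acme", "acme-secret", legal_person="Acme Corp")   # RS owned by an organization
    az.register_client("rs-photos", "photos-secret")                         # RS serving End-Users

    # Legal Person Resource Owner: Client Credentials Grant.
    pat_acme = accept_pat(*az.token(pat_request("rs-acme", "acme-secret", "client_credentials")))

    # End-User Resource Owner: Authorization Code Grant after alice approved at the AS.
    code = az.grant_code("rs-photos", "alice")
    pat_alice = accept_pat(*az.token(pat_request("rs-photos", "photos-secret",
                                                  "authorization_code", code=code)))
    # The same code cannot be redeemed twice.
    replay_status, _ = az.token(pat_request("rs-photos", "photos-secret",
                                            "authorization_code", code=code))
    # A token issued without uma_protection is not accepted as a PAT by the RS.
    not_pat = accept_pat(*az.token(pat_request("rs-acme", "acme-secret",
                                               "client_credentials", scope="openid")))
    # rs-photos has no Legal Person behind it, so the Client Credentials Grant yields no PAT.
    cc_status, _ = az.token(pat_request("rs-photos", "photos-secret", "client_credentials"))

    return {"acme": az.binding(pat_acme), "alice": az.binding(pat_alice),
            "replay_status": replay_status, "not_pat": not_pat, "cc_status": cc_status}


if __name__ == "__main__":
    print(demo())
```

Each PAT the stand-in issues is looked up by its (Resource Owner, Resource Server, Authorization Server) binding, which is the uniqueness the text describes; the Resource Server never treats a token as a PAT unless the token response grants uma_protection, so a misconfigured scope request fails closed rather than leaving the Resource Server with a token it cannot use against the Protection API.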
More Information#There might be more information for this subject on one of the following:
- [#1] - Federated Authorization for User-Managed Access (UMA) 2.0 - based on information obtained 2017-07-10