Sequence: RO: Access Request - ForgeRock/frdp-uma-resource-server GitHub Wiki

The Process

The Resource Owner (RO) may receive requests for access to resources from a Requesting Party (RqP). A "request for access" is automatically generated when a RqP attempts to access a registered resource that does not contain a policy for the RqP's specified scope(s).

The Resource Owner (RO) can review pending requests and either "approve" or "deny" requests. If the RO approves the request, the RqP will be allowed to access the registered resource for the specific scope(s).

The Sequence

  • Resource Owner (RO) must be authenticated with the Authorization Server (AS)
    • This can be done prior to accessing the Resource Owner Application (ROA) with an SSO session or via an explicit login process
  • The Resource Owner Application (ROA) gets a list of pending requests.
    • The Resource Server (RS) gets the list from the Authorization Server (AS)
  • The Resource Owner Application (ROA) obtains pending request details
    • The Resource Server (RS) gets the request details from the Authorization Server (AS)
  • The Resource Owner Application (ROA) submits the "approve" or "deny" action
    • The Resource Server (RS) submits the action to the Authorization Server (AS)
    • Status information is returned and the interface is updated.
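
The sequence above, modelled in memory as an added example (not code from this project, and not its REST API). The class names, method names and session dictionary are hypothetical; the point is where each check sits: the RS acts only for an authenticated RO, the AS matches each request to its owner, and approval grants exactly the requested scope(s).

```python
import uuid

class AuthorizationServer:
    """Constructed in-memory model of the AS: policies plus pending requests."""
    def __init__(self):
        self.owners, self.policies, self.pending = {}, {}, {}

    def register(self, resource, owner):
        self.owners[resource] = owner

    def authorize(self, rqp, resource, scopes):
        # RqP access attempt: allowed only if a policy covers every requested scope.
        if set(scopes) <= self.policies.get((resource, rqp), set()):
            return "granted"
        rid = str(uuid.uuid4())  # no policy for these scopes: queue a request for the RO
        self.pending[rid] = {"id": rid, "owner": self.owners[resource], "rqp": rqp,
                             "resource": resource, "scopes": set(scopes)}
        return "request_submitted"

    def list_pending(self, owner):
        return [r for r in self.pending.values() if r["owner"] == owner]

    def decide(self, owner, rid, action):
        req = self.pending.get(rid)
        if req is None or req["owner"] != owner:
            raise PermissionError("no such pending request for this owner")
        if action not in ("approve", "deny"):
            raise ValueError("action must be 'approve' or 'deny'")
        del self.pending[rid]
        if action == "approve":  # grant exactly the requested scopes, nothing broader
            key = (req["resource"], req["rqp"])
            self.policies.setdefault(key, set()).update(req["scopes"])
        return {"id": rid, "status": action}

class ResourceServer:
    """Relays ROA calls to the AS on behalf of the authenticated RO."""
    def __init__(self, authz):
        self.authz = authz

    def _owner(self, session):
        if not session.get("authenticated"):
            raise PermissionError("RO must be authenticated with the AS")
        return session["user"]

    def pending(self, session):
        return self.authz.list_pending(self._owner(session))

    def act(self, session, rid, action):
        return self.authz.decide(self._owner(session), rid, action)
```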