Sequence: RqP: Discover Resource - ForgeRock/frdp-uma-resource-server GitHub Wiki

NOTICE

The User-Managed Access (UMA) specification does not provide a mechanism for the Requesting Party (RqP) to list the resources of a given Resource Owner (RO). UMA assumes that the RO provides the RqP with the specific information needed to access a given resource. This scenario describes a "value add" feature of the Resource Server (RS): the ability to "discover" resources related to an RO.

Background:

The Process

A Resource Owner (RO) may have resources whose mere existence exposes private information (example: a medical AIDS test report implies that the RO got tested). Whether or not a resource is discoverable needs to be controlled by the RO. The Resource Server (RS) metadata for a resource contains an attribute that indicates whether the resource is discoverable.

The Sequence

  • The Requesting Party (RqP) accesses the Client Application (CA).
  • The Client Application (CA) submits a request to the Resource Server (RS) asking for resources related to the Resource Owner (RO). A request could be for all "discoverable" resources or for those "discoverable" resources that have a specific "name" or "type":
    • GET /share/owners/{ownerId}/resources
    • GET /share/owners/{ownerId}/resources?name={name}
    • GET /share/owners/{ownerId}/resources?type={type}
  • The Resource Server (RS) reads the Resource Owner's (RO) resource metadata and obtains the list of resources that have been made "discoverable". That list is returned to the Client Application (CA).
  • The Client Application (CA) processes the list of resources and updates its interface.
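
The Resource Server step above, sketched as an added example (not code from the frdp-uma-resource-server project): the discoverable check runs before the "name" and "type" filters, so a query for a hidden resource's name returns the same empty list as a query for a name that does not exist. The metadata field names ("id", "name", "type", "discoverable"), the `discover` function and the sample data are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample metadata, keyed by owner id. The field names are
# assumptions; the page does not name the RS metadata attributes.
METADATA = {
    "alice": [
        {"id": "r1", "name": "Checking", "type": "finance", "discoverable": True},
        {"id": "r2", "name": "Lab report", "type": "medical", "discoverable": False},
        {"id": "r3", "name": "Savings", "type": "finance", "discoverable": True},
        {"id": "r4", "name": "Old account", "type": "finance"},  # flag never set
    ],
}


def discover(url, metadata=METADATA):
    """Handle GET /share/owners/{ownerId}/resources[?name=...|?type=...]."""
    parts = urlsplit(url)
    segs = parts.path.strip("/").split("/")
    if len(segs) != 4 or segs[:2] != ["share", "owners"] or segs[3] != "resources":
        raise ValueError("not a discovery request")
    owner_id = segs[2]
    query = parse_qs(parts.query)  # also percent-decodes the values
    name = query.get("name", [None])[0]
    rtype = query.get("type", [None])[0]

    result = []
    # An owner with no metadata yields the same empty list as an owner
    # whose resources are all hidden.
    for res in metadata.get(owner_id, []):
        # Default deny: only an explicit True makes a resource visible,
        # so a missing or malformed flag keeps the resource hidden.
        if res.get("discoverable") is not True:
            continue
        # Filters apply only to resources that are already visible.
        if name is not None and res.get("name") != name:
            continue
        if rtype is not None and res.get("type") != rtype:
            continue
        # Return a fixed set of fields rather than the raw metadata record.
        result.append({"id": res["id"], "name": res["name"], "type": res["type"]})
    return result
```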