By: Andreea Corici user 14 Sep 2022 at 8:10 a.m. CDT

1 Response
My project mGov4EU (https://www.mgov4.eu/) includes the 3 parties in its architecture: the user-accessed RP app, the data provider and the Authorization Server (Gluu). The user is the data owner to which the UMA resource relates. Up until now, provisioning of UMA resources, retrieving the UMA ticket and the UMA RPT token were successful. Currently one of the RPT policies returns true all the time.

The plan is to empower users to grant access to their UMA resources per access attempt in case of third-party access. In the simple version, the user can be asked if he wants to retrieve the consent token as data owner. Here one could add claims like name and family name in the request to retrieve the RPT and also define an RPT policy script to check that the UMA resource is associated with the respective user claims. Here there is a missing link between the UMA resource and the user information. I was thinking of using SCIM to add a custom attribute for each UMA resource. What do you think about it? Are activities in the Gluu community enabling similar use cases (either the general one with third-party access and offline data owner agreement or the simple one with the data owner accessing its own data)?

It is also important to enable the data owner user to track the access attempts or even accept and reject per attempt. This is why we are looking into the consent management plugin from CASA. Can you please tell me how to trigger the consent management plugin to ask the user about the access attempt? Until now I only got the log output that there are no authorization sessions to be listed.

By Davin Cooke Account Admin 14 Sep 2022 at 8:37 a.m. CDT

Hi Andreea - this looks like an interesting project we'd like to learn more about. I'll send an email to set up a call, but we can certainly answer these questions in this ticket too. I'll have our team respond.