Hi, I hope I placed this in proper category. We're trying to write our custom UMA authorization policy. We would like to use information about user group membership (memberOf from user's profile) to make the final decisions more specific. In other words we would like to use groups in the context of roles related to the protected resources. We want to map names of these groups to particular resources_sets registered within UMA. In order to be able to do this we need to extend current functionality to allow dynamic group registering within REST API exposed what is now not possible. Is that a good direction in your opinion? What we want to achieve is to have different roles (groups) which relate to some particular actions like view, edit, delete on some protected resource. Resource owner besides resource registering would create also groups and assign authorized end users to them. Later UMA auth policy would use these groups (names will be mapped to related protected resource) and end user membership to provide final auth decision. Auth policies are out of scope of the UMA spec so why we would like to extend given gluu functionality to reuse user groups to achieve our goals. Best regards, Dawid Szejnfeld