Anything that needs to be protected for example :
A user picture or an API operation
Resource with one or more resources.
Contains one or more security rules and is assigned
to one or several resources. Used by the UMA
server to check if an incoming request can execute the
requested operations (read, write or delete) against
Belongs to an authorization policy.
An entity capable of granting access to a protected resource.
When the resource owner is a person, it is referred to as an
List of resources which can be accessed by a client.
An application making protected resource requests on behalf
of the resource owner and with its authorization.
The term “client” does not imply any particular implementations
characteristics (e.g. : whether the application
executes on a server, a desktop or other devices).
Implements the UMA-RFC.
Implements the OPENID-RFC.
|Requesting Party Token (RPT)||
An UMA access token associated with a set of authorization
data, used by the client to gain access to protected resources
at the UMA server.