Re: [GNAP] Terminology

Dave Tonge <> Thu, 13 August 2020 12:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7C4463A0BFC for <>; Thu, 13 Aug 2020 05:59:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id G7p0SKDkddS2 for <>; Thu, 13 Aug 2020 05:59:07 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D3A5D3A0BFF for <>; Thu, 13 Aug 2020 05:59:07 -0700 (PDT)
Received: by with SMTP id f10so2583919plj.8 for <>; Thu, 13 Aug 2020 05:59:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Iq/eMFQoUmQKRh2QXHUIG/S94FRpNtXVT6LeMg8HAAM=; b=XApJOiIYC6KLtxqmN08D96Rf/4gl1zGgyGN5LrchoxG9z7xpz9aAwWrMziYS1Isuaf 8cy09sB/du3M15Mr1SME0NOE4cdjDkMbYcOm3HHWvZQLTGv9gzSewMxPGXKmVqOI/c8N eyID+dlBjvYH0MLr/9C5BZOGAF2AR9oBfLy4Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Iq/eMFQoUmQKRh2QXHUIG/S94FRpNtXVT6LeMg8HAAM=; b=tvSeVdreJMXwtxrULfKu2jDrvRrsJjUcCANwxy1Qr+n6uFBGEr6yhi6TTB+qe3qv2q ivK1Gs789oDYLQqhGtLevIktiMy5ITbymBLEl2wcaqnQDy4kwR535Y+qJNApHNQO2B3L X9EzD9Dzm3eOm78ztE6G/xpKPC8xZvIaS8hFNuUw+Snta/oz7kuJVT+fsV6kxOKtxZe8 2vzr2y3WSzMDEs7nhl8LVhrTKcgkekm6in+WqQw5043PvtzCRGosC9vgeXuvUmgcSn4y YnxFnzP7u5Ny49O558Fz8f/gRF680QRRvihGflxHdK7lX/FZqJR3ohBvCilMf9El7knT rvDQ==
X-Gm-Message-State: AOAM532ZmmiDeDj6KzYr9yJX/b5xDy92Z1Mc8cCwjYE1+YSIGi5BEJSU HmO/HFwCdzt4VN+8rTd0D1RIVg2Ggpi+JtNLQaPLLrQMZZuXWgqk18vGX1lCnhH43NyBbpxmgxZ A6O+B8U/5KbQC3oU=
X-Google-Smtp-Source: ABdhPJx9N2meuDiMw1eNiQ364kpFgFqR1Vvp6LmwCRb8zB8tXu6eyKCKVd4LrrC7Ki2aZuKJTYLVITXW9nRDCa9WNHE=
X-Received: by 2002:a17:90b:1295:: with SMTP id fw21mr4505016pjb.81.1597323547089; Thu, 13 Aug 2020 05:59:07 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Dave Tonge <>
Date: Thu, 13 Aug 2020 14:58:55 +0200
Message-ID: <>
To: Fabien Imbault <>
Cc: Justin Richer <>, Dick Hardt <>, Mike Jones <>, Tom Jones <>, Francis Pouatcha <>, Benjamin Kaduk <>, Denis <>, "" <>
Content-Type: multipart/alternative; boundary="0000000000009db96205acc1de21"
Archived-At: <>
Subject: Re: [GNAP] Terminology
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Aug 2020 12:59:10 -0000

I would be against using "grant" as both a verb and a noun and stick purely
with one or the other. (In the charter the only use of "grant" is in the
verb: "granted").

Using it as both a verb and a noun will be confusing and less accessible.

I think it will be confusing to say "The Grant Server issues a grant to the
Grant Client representing access that has been granted"

Whether the access takes place via a token being returned and used at a
resource server, or "claims" that are directly returned from the "Grant
Server" I think should be largely irrelevant when it comes to the naming of
the roles.

In almost all use cases that I have seen the "Grant Server" is making a
policy based decision "to grant" access to requested resource(s). To me,
that is the fundamental operation happening. I think nearly all use cases
can be applied to that, e.g. the GS grants access to
 - identity attributes for the end user
 - verify an identity attribute (e.g. that user is over 18)
 - all users photos at resource server X
 - a single photo with id 12345 at resource server Y
 - resource of type X at any resource server that trusts the Grant Server
 - call a payment API with specific properties (e.g. amount < 5)
 - call a file storage API
 - call a "contract signing" API with specific properties (e.g. contract
hash of xxx,)

While "client" is problematic, it does now have wide spread usage, so
perhaps we are stuck with it.
However I agree with Justin and think "Grant Client" makes things more

What is wrong with keeping "Client" and "Authorization Server"?



Moneyhub Enterprise is a trading style of Moneyhub Financial Technology 
Limited which is authorised and regulated by the Financial Conduct 
Authority ("FCA"). Moneyhub Financial Technology is entered on the 
Financial Services Register (FRN 809360) at 
<>. Moneyhub Financial Technology is registered 
in England & Wales, company registration number 06909772. Moneyhub 
Financial Technology Limited 2020 © Moneyhub Enterprise, Regus Building, 
Temple Quay, 1 Friary, Bristol, BS1 6EA. 

DISCLAIMER: This email 
(including any attachments) is subject to copyright, and the information in 
it is confidential. Use of this email or of any information in it other 
than by the addressee is unauthorised and unlawful. Whilst reasonable 
efforts are made to ensure that any attachments are virus-free, it is the 
recipient's sole responsibility to scan all attachments for viruses. All 
calls and emails to and from this company may be monitored and recorded for 
legitimate purposes relating to this company's business. Any opinions 
expressed in this email (or in any attachments) are those of the author and 
do not necessarily represent the opinions of Moneyhub Financial Technology 
Limited or of any other group company.