本文档定义了如何在web服务接口上对用户和访问方进行身份验证。它还定义了资源所有者如何将对其资源的访问权委托给访问方。在此背景下，本文件还定义了必要的角色和职责分离，以满足安全、数据隐私和数据保护方面的要求。 角色的所有条件和依赖项都是针对使用OAuth 2.0兼容框架和OpenID Connect 1.0兼容框架的参考实现定义的。

This document defines how to authenticate users and accessing parties on a web-services interface. It also defines how a resource owner can delegate access to its resources to an accessing party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection. All conditions and dependencies of the roles are defined towards a reference implementation using OAuth 2.0 compatible framework and OpenID Connect 1.0？compatible framework.