...
We are currently using https://github.com/xmlgrrl/UMA-Specifications for our active spec development, with snapshots provided on the docs.kantarainitiative.org site. The UMA wiki page for the core spec now summarizes all relevant information about that spec.
Following is a "call tree" of key specifications and other documents that are currently referenced normatively in the UMA core spec. Support isn't necessarily required for all (or any) features of these specs; read the UMA spec for details.
- Binding Obligations on User-Managed Access (UMA) Participants (required)
- OAuth2 (required)
- OAuth2 bearer tokens (required)
- OAuth2 SAML bearer tokens (recommended in enterprise settings)
- OpenID Connect Standard (optional)
- JSON (required)
- hostmeta (required)
- .well-known (required)
XRD is no longer used. We have moved to JSON-formatted configuration data instead.
UMA has been made a full-fledged profile of OAuth, and over time it is incorporating (as well as spinning off) functionality that comes from the wider OAuth specification universe. The UMA core spec now refers to a resource set registration spec that was originally derived from UMA design work, but is suitable for use by other OAuth-based technologies. See the normative references in the core spec for the other referenced bits.
Following are auxiliary documents that are currently non-normative:
- UMA Requirements
- UMA Scenarios and Use Cases
- UMA User Stories
- UMA Trust Model
- Case Studies
- OAuth Dynamic Client Registration Protocol – this was a proposal made by the UMA group to the OAuth discussion on dynamic registration. It is being considered as input to the IETF OAuth Working Group's next chartered phase of effort.
- UMA Resource Registration (obsoleted by the now spun-off OAuth Resource Set Registration spec being proposed for wider adoption)
The following documents still available on this wiki are considered obsolete:
- Claims 2.0 and Simple Access Authorization Claims (obsoleted by the OpenID Connect mechanisms for requesting and providing claims)
- Legal Considerations (obsoleted by the Binding Obligations)
- Lexicon (obsoleted by the spec itself and the Binding Obligations)
- UMA Trust Model (obsoleted by Binding Obligations)
- User Stories (obsoleted by Case Studies)