...
- Blog entry with Venn diagram comparing OAuth, OpenID Connect, and UMA
- UMA webinar from December 2011 (slides, recording)
- UMA Requirements
- UMA Binding Obligations framework
- OpenID Connect specifications
Google Tech Talk video demonstrating the use of OpenID Connect claims for authorization in UMA flows
How is UMA related to XACML?
UMA is not formally related to XACML, but we can imagine some patterns of usage that bridge XACML and UMA. For example, UMA does not standardize a policy expression format or its evaluation, and treats an authorization manager as a conflated policy decision point (or at least authoritative authorization data source), policy administration point, and policy information point for the purposes of UMA's in-band flows. An AM could provide authorization data for which a host could then seek interpretation at a true XACML PDP. An UMA representative made a presentation to the XACML TC on 19 October 2012 to discuss liaison and technical opportunities. A specialized UMA token profile could also be used to provide a pattern for XACML's ongoing efforts to simplify/RESTify the current XACML standard.
Further reading:
- UMA and XACML slide deck
- Discussion on the XACML TC list
- Proposal for REST profile of XACML
...
Data Sharing, User Control, and Privacy Implications
...