...
We are currently using https://github.com/xmlgrrl/UMA-Specifications for our active spec development, with snapshots provided on the docs.kantarainitiative.org site. ( The UMA wiki page for the core spec is now just a placeholder.)now summarizes all relevant information about that spec.
Following is a "call tree" of key specifications and other documents that are currently referenced normatively in the UMA core spec. Support isn't necessarily required for all (or any) features of these specs; read the UMA spec for details.
- OAuth2 (required)
- OAuth2 bearer tokens (required)
- OAuth2 SAML bearer tokens (recommended in enterprise settings)
- OpenID Connect Standard (optional)
- JSON (required)
- hostmeta (required)
- XRD 1.0
- .well-known.well-known (required)
XRD is no longer used. We have moved to JSON-formatted configuration data instead.
Following are auxiliary documents that are currently non-normative:
...
- OAuth Dynamic Client Registration Protocol – this was a proposal made by the UMA group to the OAuth discussion on dynamic registration; our intention is for it to be superseded by the OpenID Connect Dynamic Client Registration spec. It is being considered as input to the IETF OAuth Working Group's next chartered phase of effort.
The following documents still available on this wiki are considered obsolete:
- Claims 2.0 and Simple Access Authorization Claims (obsoleted by the OpenID Connect mechanisms for requesting and providing claims)
- Legal Considerations (obsoleted by the Trust Model)
- Lexicon (obsoleted by the spec itself and the Trust Model)
- UMA Resource Registration (obsoleted by incorporation of this feature into the core spec)OAuth Dynamic Client Registration Specification Issues (obsoleted by ongoing work on the OpenID Connect Dynamic Client Registration Spec)