UMA Trust Model

Abstract

This document explores defines the expectations and responsibilities of various parties interoperating in the User-Managed Access (UMA) context, with an overall goal of facilitating . The overall goal for UMA's trust model is to support legal enforceability of any agreements made between authorizing users and requesting parties in the granting of access authorization. This document's audience includes technologists, legal professionals, and operators of UMA-conforming services.

Status

This document is a product of the User-Managed Access Work Group. It is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

...

...

Introduction

UMA is a Web protocol that . As such, it describes a technical "contract" for HTTPweb-based interactions (such as – standardized request and response messages involving using standardized data formats ) – among compliant software entities. The entities fill various roles in order to achieve "user-managed access" to Web resources. The following diagram illustrates the high-level goal of UMA.

...

Software entities participating in a protocol are frequently known as endpoints. The UMA endpoints are:

• Authorizing user ( – the "user" in User-Managed Access )
  • NOTE: "User" is often used informally in the UMA spec, where what is really meant is the browser (or other client software application) being operated by this person
• Authorization manager (or AM)
• Host (of "protected resources")
• Requester

...

Software

...

Because software is just a tool and ; it can