Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version 13

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Massive revision; see the real spec as linked for the new Trust Model content.

UMA Trust Model

...

Abstract

...

This document defines the expectations and responsibilities of various parties interoperating in the User-Managed Access (UMA) context. The overall goal for UMA 's trust model is to support legal enforceability of any agreements made between authorizing users and requesting parties in the granting of access authorization. This document's audience includes technologists, legal professionals, and operators of UMA-conforming services.

...

Status

...

This document is a product of the User-Managed Access Work Group. It is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

...

Editors

...

  • Susan Morrow
  • Eve Maler

...

Intellectual Property Notice

...

The User-Managed Access Work Group operates under Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) and the publication of this document is governed by the policies outlined in this option.

Table of Contents

Table of Contents
minLevel1
maxLevel3
outlinetrue
indent20px

Introduction

UMA is a Web protocol. As such, it describes a technical "contract" for web-based interactions – standardized request and response messages using standardized data formats – among software entities. The entities fill various roles in order to achieve "user-managed access" to Web resources. The following diagram illustrates the high-level goal of UMA.

Image Removed

The following diagram illustrates the high-level architecture UMA uses to achieve its goal.

Image Removed

Software entities participating in a protocol are known as endpoints. The UMA endpoints are:

  • Authorizing user – the "user" in User-Managed Access
    • NOTE: "User" is often used informally in the UMA spec, where what is really meant is the browser (or other client software application) being operated by this person
  • Authorization manager (or AM)
  • Host (of "protected resources")
  • Requester

Software is just a tool; it canwork has undergone a lot of refinement. The document that previously lived on this page has been retired, and has been replaced by a new specification, Binding Obligations on User-Managed Access (UMA) Participants. You can see the old document by visiting old revisions of this page.

...

Anchor
change-history
change-history
Change History

Change History