...
User-Managed Access (UMA) allows a user to make access demands as well as manage access to their own resources outside of each and every service provider . The implications of these demands quickly go beyond cryptography and web protocols and into the realm of rights, contracts and liability.
Rights in that an individual has the right to control access to their information. UMA provides a infrastructure for dedicated access services. This relates to rights in that individuals Access control needs to be externalized from web applications and provided as a dedicated online service. UMA is a protocol for access control to resources at a host. E.g. a Internet Service provider.
Such a service should allow a user to control data-sharing and service-access relationships between online services hosting and accessing data. An external User controlled access services manager requires the ability to reside in distinct domains and establish relationships between services in a dynamic way. For the access relationship service to be usable across multiple web applications, it should not be required to understand the representations of resources it is charged with protecting and its functionality should be applicable to arbitrary web resources.
...
UMA targets end-user convenience and development simplicity as goals. But it also seeks enforceability of authorization agreements, in order to make the act of granting data and service access truly informed, un coerced, and meaningful – no longer a matter of mere passive consent but rather a step that more fully empowers ordinary web users.
For all these reasons , the UMA Work Group is exploring legal considerations need to be aware of the impact UMA has on issues related to authorization policy, contracts, liability, and enforceability that arise among the various actors in UMA interactions.
(Note: This document is in the process of being edited to be accessible to readers, even relatively nontechnical ones, who have expertise in these areas, and we welcome suggestions for improvement.)
...
To this picture, UMA adds the possibility of a new kind of web-based application: a kind of "traffic cop" for overseeing all these instances of travel itinerary sharing, which will help Alice manage her digital footprint. We'll call this site CopMonkey.com.
(am thinking of re-vamping this scenario so that it refelects an external access control manager than that of the Host (service provider) Mark ??
UMA overview and terminology
...