...
User-Managed Access (UMA) involves these entities:
| For example, a web user (authorizing user) can authorize a web app (requester) to gain one-time or ongoing access to a resource containing his home address stored at a "personal data store" service (host), by telling the host to act on access decisions made by his authorization decision-making service (authorization manager). |
...
Following is a condensed summary of the draft UMA protocol:
See also the following:
- Christian Scholz has done a very simple test implementation of the UMA protocol in Python.
- A comprehensive technical report published under the auspices of Newcastle University called User-Managed Access to Web Resources explains the requirements that drive UMA, analyzes the design features that respond to these requirements, and reviews related work.
...