...
This page collects our draft specifications, auxiliary material, and other useful materials that may contribute to them. See the list of child pages at the bottom for a summary.
The following diagram illustrates the "call tree" of key specifications and other documents that are relevant to the UMA universe. Click on the diagram to get a version that allows clicking on specific icons to get the corresponding document.
Specifications in Progress
...
Spec | Description | Status
---|---|---
UMA Scenarios and Use Cases | Records the scenarios and use cases governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We are behind on assessing and adding scenarios; see below on this page for the "scenario docket".
UMA Requirements | Records the specific requirements governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We treat design principles (beyond the ones in our charter) as emergent, and collect them as we see fit.
UMA 1.0 Core Protocol | Defines the User-Managed Access (UMA) 1.0 core protocol. This protocol provides a method for users to control access to their protected resources, residing on any number of host sites, through an authorization manager that makes access decisions based on user policy. | Active development currently takes place on GitHub. Snapshots for the core spec and the dynamic client registration spec are kept here (the working draft on this site is not current).
Resource/scope registration | Defines the mechanism for hosts to convey important information about resources/scopes that the AM needs to protect. | This spec is in flux. See also Maciej's contributions on dynamic client binding and resource registration and Christian's proposal for scope registration.
Dynamic client registration | Defines how hosts can dynamically discover information about an AM and how hosts and requesters can dynamically register at an AM to get a unique client identifier and optional secret. | Some UMA group participants have contributed an Internet-Draft to the IETF on this (pretty HTML version here), and intend to continue working on it as an OAuth WG action item.
Protocol Issues | Random list of issues we need to burn down in working on the specs. | This list is known not to be complete. We are also putting specific spec design issues directly into the specs on GitHub.
Claims 2.0 | Defines a JSON-based format for expressing claims and requests for claims. | Currently maintained directly on this wiki. Latest version is here. (See also Domenico's proposal (slides, document) for trust models for third-party-asserted claims.)
Simple Access Authorization Claims | Uses the Claims 2.0 specification to define a small set of basic claims to be used in the process of User-Managed Access (UMA) access authorization. | Currently maintained directly on this wiki. Latest version is here.
Legal Considerations in UMA Authorization | Explores legal issues raised by the act of using User-Managed Access (UMA) to authorize another party to get web resource access. | Currently maintained directly on this wiki. Latest version is here. Awaiting incorporation of many comments, including a contribution by JeffS.
Lexicon | Compendium of official and unofficial terms and definitions related to UMA. | This document has served as an aid to figuring out legal considerations; now it is not very actively maintained. Latest version is here.
Scenario Docket
Following is the current status of scenarios and their constituent use cases.
...