...
Participant name and logo | Contact names/emails | Solution full name | Solution abbrev | Roles (AS, RS, C) |
---|---|---|---|---|
Gluu (logo, handle) | Mike Schwartz : mike(mike-at-gluu.org) Yuriy Zabrovarnayy : yuriy(yuriy-at-gluu.org) | OXAuth | OX | AS, RS, C |
Gluu | | Apache plugin | AP | RS, C |
Cloud Identity Limited (logo, handle) | Maciej Machulak : (maciej.machulak-at-cloudidentity.co.uk) | NuveAM | CI | AS, RS, C |
Cloud Identity Limited | | Python/Java UMA | PU | RS, C |
Roland Hedberg | Roland Hedberg : (roland.hedberg-at-adm.umu.se) | PyUMA | RH | AS, RS, C |
ZXID.org (logo) | Sampo Kellomäki : (sampo-uma14-at-zxid.org) | ZXID w/mod_auth_saml | ZX | AS, RS, C |
Solution information: AS role
It is recommended that the AS provide RO and RqP login credentials that can be used in a programmatic fashion, e.g. in a simple HTML form. For the purposes of automating testing, we have agreed to use a query parameter with the name _umaauthn to convey a token string that enables login of an RO or RqP. It is assumed that the C is claims-unaware and will use the redirect claim profile to redirect the RqP to the AS for login as the sole claims-gathering process. The "Alice" user can be used as both an RO and an RqP, and the "Bob" user can be used as an RqP. Different RqPs can be used with the same client to test policies that discriminate between RqPs using the same client. Clients "A" and "B" can easily be used to test policies that discriminate between the same RqP using different clients.
Solution:role | Config data URL | Token strings for "Alice" and "Bob" users | Static credentials for client "A" and client "B" | Supports dynamic client registration for RS and C? | Other details |
---|---|---|---|---|---|
OX:AS | https://seed.gluu.org/.well-known/uma-configuration | Alice: Bob: | Client A: Client B: | RS: yes, C: yes | See: |
CI:AS | https://demo.nuveam.com/.well-known/uma-configuration | Alice: Bob: | Client A: Client B: | RS: yes, C: yes | |
RH:AS | | Alice: Bob: | Client A: Client B: | RS: yes, C: yes | |
ZX:AS | https://zxidp.org/.well-known/uma-configuration | (Need new info) test:test or HTTPS client cert or SAML IdP https://zxidp.org/idp with test:test | Client A: Client B: | RS: yes, C: yes | https://zxidp.org/umainfo.html |
...
Any RS participating in interop needs to expose either multiple resource sets (as registered with the AS) or multiple scopes, or both. This enables testing UMA-specific interop around sufficient/insufficient authorization data, permission tickets that match or don't match the requested type of access, etc., while not dictating the specifics of what the API looks like. Each RS participant needs to provide enough information directly in the table below to explain how to access these differential resource sets and scopes, e.g. the URLs, parameters, etc. This way, clients can tell whether the RS was at fault or not if something goes wrong with authorization. It is recommended that each RS document exactly the one or two endpoints/calls/parameters that are sufficient for UMA interop testing purposes, to limit the universe of potential actions that a client can take.
Solution:role | API info | SDK avail? | Login URL and RO creds/token/session details | Protected resource URL(s) info | Client SDK/library info | Expects dynamic client registration at AS? | Other details |
---|---|---|---|---|---|---|---|
OX:RS | | Java | https://seed.gluu.org/oxuma-rs/ | https://seed.gluu.org/oxuma-rs/ws/phone CRUD: Scopes: | | | |
CI:RS | https://nuvepds.appspot.com/about/api | Python and Java | https://nuvepds.appspot.com (sign in with your social profile) | https://nuvepds.appspot.com/about/api | | Optional | |
RH:RS | Uses "pbryan" (http-json-resource) | | https://xenosmilus.umdc.umu.se:8777/login.html (user:alice, password:krall) | Base URL for alice's resources: https://xenosmilus.umdc.umu.se:8777/json/alice | Available in Python and Java (sample at https://nuvepdsclient.appspot.com/) – where? | | Supports webfinger. Supports acct and http identifier URLs. |
ZX:RS | https://zxidp.org/umainfo.html | libzxid (C/C++, PHP, Perl, Java, Apache httpd module) | https://zxidp.org/idpuma?o=umalogin (test:test) | https://zxidp.org/idpuma?o=umaprotected | ? | ? | |
Solution information: C role
...
Solution:role | App type | Other details |
---|---|---|
OX:C | https://seed.gluu.org/oxuma-rp/ | |
CI:C | https://nuvepdsclient.appspot.com/ | Sign in using social profile or pass a token |
RH:C | | |
ZX:C | https://zxidp.org/idpuma?o=umatestres | https://zxidp.org/umainfo.html |