Third-Party Profiles and Extensions
| Table of Contents | ||||
|---|---|---|---|---|
|
This page attempts to keep track of third-party efforts to profile UMA . This page is not guaranteed to include every such profile, nor should any profile's appearance on this page profiles and extensions. Appearance of information here should not be taken as an endorsement by the UMA Work Group (though the group may subsequently choose to adopt any contributed third-party profiles or extensions as work items). We strongly recommend that profilers study and follow the advice given in the Specifying Additional Profiles section of the UMA core specification. Note that As recommended in the UMA core specification itself defines a "bearer" RPT profile that is mandatory to implement, and an OpenID Connect claim profile that is optional.
Profiles of UMA
None known at this time.
RPT Profiles
None known at this time.
Claim Profiles
OX UMA Claim Profile: This profile defines a basis for adhering to a policy that requires an AAT to have been acquired on the basis of a certain authentication strength, leveraging a proposal for capturing domain-specific authentication mode and level through OpenID Connect.
V2.0 Grant specification, an authorization server supporting a related profile or extension should supply any identifying URI in its uma_profiles_supported metadata.
Profiles in the Healthcare Sector
The HEART (Health Relationship Trust) Working Group has profiled UMA 2.0 in the form of two specifications, Health Relationship Trust Profile for User-Managed Access 2.0 and
Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) UMA 2 Resources, both at Implementer's Draft status as of this writing.
Profiles in the Financial Sector
The not-for-profit company Origo has profiled UMA for use in the UK Pensions Dashboard ecosystem. See this page for more information.