Specifications and Auxiliary Documents
This page collects our draft specifications and auxiliary material, along with other useful materials that may contribute to them. See the list of child pages at the bottom for a summary.
Specifications in Progress
We are currently using Christian's UMA-Specifications area on github – http://github.com/mrtopf/UMA-Specifications – for our active spec development. We will periodically post or link to snapshots of specs from this wiki. Following is an accounting of specs and their status.
Spec | Description | Status |
---|---|---|
UMA Scenarios and Use Cases | Records the scenarios and use cases governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We are behind on assessing and adding scenarios; see below on this page for the "scenario docket". |
UMA Requirements | Records the specific requirements governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We treat design principles (beyond the ones in our charter) as emergent, and collect them as we see fit. |
UMA 1.0 Core Protocol | Defines the User-Managed Access (UMA) 1.0 core protocol. This protocol provides a method for users to control access to their protected resources, residing on any number of host sites, through an authorization manager that makes access decisions based on user policy. | Active development currently takes place on github. See also Christian's personal space on this wiki for spec sketches, and Maciej's contributions on dynamic client binding and resource registration. We are in the process of modularizing the spec further. The version on this wiki is currently partially out of date; stay tuned. |
Protocol Issues | Random list of issues we need to burn down in working on the specs. | This list is known not to be complete. We are also putting specific spec design issues directly into the specs on github. |
Claims 2.0 | Defines a JSON-based format for expressing claims and requests for claims. | Currently maintained directly on this wiki. Latest version is here. |
Simple Access Authorization Claims | Uses the Claims 2.0 specification to define a small set of basic claims to be used in the process of User-Managed Access (UMA) access authorization. | Currently maintained directly on this wiki. Latest version is here. |
Lexicon | Compendium of official and unofficial terms and definitions related to UMA. | This document has served as an aid to figuring out legal considerations; now it is not very actively maintained. Latest version is here. |
Legal Considerations in UMA Authorization | Explores legal issues raised by the act of using User-Managed Access (UMA) to authorize another party to get web resource access. | Currently maintained directly on this wiki. Latest version is here. Awaiting incorporation of many comments, including a contribution by JeffS. |
Scenario Docket
Following is the current status of scenarios and their constituent use cases.
Scenario nickname | Champion | Status | Other notes |
---|---|---|---|
Calendar | Eve | Accepted | |
E-commerce | Eve | Accepted | |
Loan | Domenico | Accepted | |
Distributed services | Christian | Pending | |
Two-way location | Eve | Pending | |
Requester delegate | Mike H. | Accepted | One of the two specific use cases was accepted, the other rejected |
Employer/employee | Eve | Pending | |
Custodian | Maciej | Pending | |
Moving resources | Maciej | Pending | |
Protected inbox | Joe | Pending | |
CV sharing | Maciej | Accepted | |
Health data | Gerry | Pending | |
Car-buying | Iain/Joe | Awaiting submission | This will likely be a summary pointing to the original Kantara InfoSharing document |
"Hey, sailor" | Eve | Awaiting submission | |
ACLs with PoCo integration | ? | ? | |
Terms negotiation: null | Eve | Pending | |
Terms negotiation: requester identification | Eve | Pending | |
Terms negotiation: facts | Eve | Awaiting submission | |
Terms negotiation: promises | Eve | Awaiting submission | |
Terms negotiation: payments | Eve | Awaiting submission | |
...
auxiliary documents produced by the Work Group.
- The PDP Profile Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited for the UK Pensions Dashboard Programme and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- The Design Document - PDP Profile of Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization and Federated Authorization for User-Managed Access (UMA) 2.0 are at Recommendation stage.
- The UMA Release Notes document is up to date to reflect the changes from UMA1 to UMA2.
- The UMA Disposition of Comments document lists how review comments were handled in the UMA2 development process.
- The UMA Implementer's Guide provides advice and discussions relevant to UMA developers and deployers.
Obsolete specifications and auxiliary documents are collected under a separate page in this area.
We use https://github.com/KantaraInitiative/wg-uma for active spec development, with snapshots provided on the docs.kantarainitiative.org site.