UMA Trust Model
...
Abstract
...
This document explores the expectations and responsibilities of various parties interoperating in the User-Managed Access (UMA) context, with an overall goal of facilitating legal enforceability of any agreements made between authorizing users and requesting parties in the granting of access authorization.
...
Status
...
This document is a product of the User-Managed Access Work Group. It is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.
...
Editors
...
- Susan Morrow
- Eve Maler
...
Intellectual Property Notice
...
The User-Managed Access Work Group operates under Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) and the publication of this document is governed by the policies outlined in this option.
Table of Contents
Table of Contents | ||||||||
---|---|---|---|---|---|---|---|---|
|
Introduction
UMA is a protocol that describes a technical "contract" for HTTP-based interactions (such as standardized request and response messages involving standardized data formats) among compliant software entities. The entities fill various roles in order to achieve "user-managed access" to Web resources. The following diagram illustrates the high-level goal of UMA.
The following diagram illustrates the high-level architecture UMA uses to achieve its goal.
Software Endpoints vs. Legally Responsible Parties
Software entities are frequently known as endpoints. The UMA endpoints are:
- Authorizing user (the "user" in User-Managed Access), operating a "user agent" such as a browser in order to interact with the other software in the UMA ecosystem – sometimes the software endpoint is just called the "user" for short
- Authorization manager (AM)
- Host (of "protected resources")
- Requester
Because software is just a tool and canFollowing are handy links to the UMA "trust model" spec, Binding Obligations on UMA Participants, and related materials.
Content | URL | Description |
---|---|---|
UMA Binding Obligations | http://docs.kantarainitiative.org/uma/draft-uma-trust.html | This is the pretty-printed latest version, available on the Kantara site. It may be more up to date than the version last contributed as an IETF I-D. |
UMA Binding Obligations I-D | http://www.ietf.org/id/draft-maler-oauth-umatrust-00.txt | This is the latest version contributed as an IETF I-D. It may be out of date with respect to the version linked above. We don't submit I-D revisions for every little edit. |
User guide | http://kantarainitiative.org/confluence/display/uma | Domenico Catalano's latest work on leveraging UMA in an actual deployed ecosystem. |
Measuring elements of trust | Measuring elements of Trust | Domenico's early study analyzing the UMA trust proposition. |
UMA on GitHub | https://github.com/xmlgrrl/UMA-Specifications | This is the GitHub repository for the spec and issues. |
UMA issues | https://github.com/xmlgrrl/UMA-Specifications/issues | This is a direct link to the issues list. |
Trust model info short link | http://tinyurl.com/umatrust | This is a short link you can use to direct people back to this page. |
Recent breaking changes
Following is a catalog of notable changes.
- (None yet: rev 00 is the first "normative" version)