...
Specifications and Auxiliary Documents
This page collects our draft specifications and other auxiliary material, and various other useful materials that may contribute to them. See the list of child pages at the bottom for a summary.
We are currently using https://github.com/xmlgrrl/UMA-Specifications for our active spec development, with snapshots provided on the docs.kantarainitiative.org site. The UMA wiki page for the core spec now summarizes all relevant information about that spec.
Following is a "call tree" of key specifications and other documents that are currently referenced normatively in the UMA core spec. Support isn't necessarily required for all (or any) features of these specs; read the UMA spec for details.
- OAuth2 (required)
- OAuth2 bearer tokens (required)
- OAuth2 SAML bearer tokens (recommended in enterprise settings)
- OpenID Connect Standard (optional)
- JSON (required)
- hostmeta (required)
- .well-known (required)
XRD is no longer used. We have moved to JSON-formatted configuration data instead.
Following are auxiliary documents that are currently non-normative:
- OAuth Dynamic Client Registration Protocol – this was a proposal made by the UMA group to the OAuth discussion on dynamic registration. It is being considered as input to the IETF OAuth Working Group's next chartered phase of effort.
The following documents still available on this wiki are considered obsolete:
...
auxiliary documents produced by the Work Group.
- The PDP Profile Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited for the UK Pensions Dashboard Programme and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- The Design Document - PDP Profile of Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization and Federated Authorization for User-Managed Access (UMA) 2.0 are at Recommendation stage.
- The UMA Release Notes document is up to date to reflect the changes from UMA1 to UMA2.
- The UMA Disposition of Comments document lists how review comments were handled in the UMA2 development process.
- The UMA Implementer's Guide provides advice and discussions relevant to UMA developers and deployers.
Obsolete specifications and auxiliary documents are collected under a separate page in this area.
We use https://github.com/KantaraInitiative/wg-uma for active spec development, with snapshots provided on the docs.kantarainitiative.org site.