...
This page collects specifications and auxiliary documents produced by the Work Group.
We use https://github.com/KantaraInitiative/wg-uma for active spec development, with snapshots provided on the docs.kantarainitiative.org site.
The UMA technical specifications have reached Version 1.0 finalization, and V1.0.1 draft specifications representing a "patch release" are out for review.
- The draft V1.0.1 specs include the UMA Core V1.0.1 specification and the OAuth RSR V1.0.1 specification.
- The normative V1.0 specs include the final UMA Core V1.0 specification (Kantara Recommendation, IETF I-D rev 13) and the OAuth Resource Set Registration V1.0 specification (Kantara Recommendation, IETF I-D rev 06), dated 4 April 2015. The latter specification was originally derived from UMA design work, but is suitable for use by OAuth and OpenID Connect as well.
The following auxiliary documents are currently non-normative:
- Binding Obligations on User-Managed Access (UMA) Participants (latest version, pretty-printed) (most recent IETF I-D, possibly somewhat out of date with respect to the KI version)
- UMA Requirements
- UMA Scenarios and Use Cases
- UMA Case Studies
- Privacy by Design Implications of UMA
- UMA Implementer's Guide
- UMA Release Notes
The following documents still available on this wiki are considered obsolete:
- User-Managed Access (UMA) Claim Profiles Framework (latest version, pretty-printed) (most recent IETF I-D, possibly somewhat out of date with respect to the KI version)
- Claims 2.0 and Simple Access Authorization Claims (obsoleted by Claim Profiles, itself obsolete)
- Legal Considerations (obsoleted by Binding Obligations)
- Lexicon (obsoleted by the spec itself and Binding Obligations)
- UMA Trust Model (obsoleted by Binding Obligations)
- UMA User Stories (obsoleted by Case Studies)
- OAuth Dynamic Client Registration Protocol (obsoleted by the OAuth WG's own standards-track specification, to which UMA core now refers)
- UMA Resource Registration (obsoleted by the now spun-off OAuth Resource Set Registration spec)
- The PDP Profile Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited for the UK Pensions Dashboard Programme and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- The Design Document - PDP Profile of Kantara UMA 2.0 Implementor's Draft based on the contribution by Origo Services Limited and accepted for consideration by the UMAWG in December 2020. It has not been subsequently published due to the agreement between the Pensions Dashboard Programme and Kantara to make available on Kantara's website the original contribution from Origo on revised License terms.
- User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization and Federated Authorization for User-Managed Access (UMA) 2.0 are at Recommendation stage.
- The UMA Release Notes document is up to date to reflect the changes from UMA1 to UMA2.
- The UMA Disposition of Comments document lists how review comments were handled in the UMA2 development process.
- The UMA Implementer's Guide provides advice and discussions relevant to UMA developers and deployers.
Obsolete specifications and auxiliary documents are collected under a separate page in this area.