Versions Compared

Old Version 49

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

UMA

...

V1 Protocol (Historical)

Following are handy links to the UMA specs and related materials.

SpecificationURLDescription

UMA Core V1.0.1 Recommendation

https://docs.kantarainitiative.org/uma/

...

rec-uma-core-v1_0_1.html

This is the pretty-printed latest version, available on the Kantara site.

http://tools.ietf.org/html/draft-hardjono-oauth-umacore

This is the latest version contributed as an IETF I-D. (It may be out of date with respect to the version linked above. We don't submit I-D revisions for every little edit.)

Final V1.0.1 version of the UMA Core Recommendation.

OAuth RSR V1.0.1 Recommendation

https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html
Final V1.0.1 version of the OAuth RSR Recommendation.

UMA Core V1 Recommendation

http://docs.kantarainitiative.org/uma/

...

rec-uma-

...

core-v1_0.html

This is the pretty-printed latest version, available on the Kantara site. (It has not yet been contributed to the IETF.)

Final V1.0 version of the UMA Core Recommendation (obsoleted by V1.0.1).

OAuth RSR V1 Recommendation

https://

...

docs.kantarainitiative.

...

org/

...

This is the GitHub repository for the spec and issues.

uma/rec-oauth-resource-reg.html
Final V1.0 version of the OAuth Resource Set Registration Recommendation (obsoleted by V1.0.1).

UMA Core I-D rev 13

https://

...

tools.ietf.

...

org/

...

This is a direct link to the issues list.

html/draft-hardjono-oauth-umacore-13
IETF I-D of the UMA Core specification corresponding to the V1.0 Recommendation (expired).

UMA Core I-D

http://

...

This is a short link you can use to direct people back to this page.

Recent breaking changes

Following is a catalog of notable changes.

From I-D rev 05 to 06:

...

  • Section 1.5: The authorization server configuration data now allows for providing a dynamic client registration endpoint (now defined by the official OAuth dynamic client registration spec), rather than just serving as a flag for whether the generic feature is support.
  • Sections 3.1.1 and 3.1.2: The am_uri header has been renamed to as_uri due to terminology changes (see below).
  • Section 3.1.2: The OAuth error "insufficient_scope" is now a central part of the authorization server's response to a client with a valid RPT and insufficient scope. This aligns UMA more closely with OAuth as a profile thereof (stay tuned for more possible tweaks in this general area, e.g. in WWW-Authenticate).

...

  • Authorization manager (AM) is now authorization server.
  • Host is now resource server.
  • Authorizing user is now resource owner.
  • Requester is now client.

...

  • Scope is now scope type (likely to change back due to feedback).
  • Authorization data is now defined as a generic category, of which permissions are an instance.
  • RPT now stands for requesting party token instead of requester permission token.
  • UMA is more explicitly defined as a profile of OAuth.

...

tools.ietf.org/html/draft-hardjono-oauth-umacore
Latest IETF I-D of the UMA Core specification (corresponding to rev 14 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it).

OAuth RSR I-D rev 06

https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-06
IETF I-D of the OAuth Resource Set Registration specification corresponding to the V1.0 Recommendation.

OAuth RSR I-D

https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg
Latest IETF I-D of the OAuth Resource Set Registration specification (corresponding to rev 07 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it).

UMA Binding Obs

http://docs.kantarainitiative.org/uma/draft-uma-trust.html
UMA Binding Obligations specification (now obsolete; see the UMA Legal work).

UMA Binding Obs I-D

https://tools.ietf.org/html/draft-maler-oauth-umatrust
Latest IETF I-D of the UMA Binding Obligations specification (corresponding to rev 03 and expired; the WG has no intent to update it).

UMA on GitHub

https://github.com/KantaraInitiative/wg-uma
GitHub repository for the spec.

UMA issues

https://github.com/KantaraInitiative/wg-uma/issues
Direct link to the issues list in GitHub.

UMAWG Twitter

https://twitter.com/umawg
UMA group Twitter handle.

UMAWG Facebook

https://www.facebook.com/UserManagedAccess
UMA group Facebook page.
http://tinyurl.com/umav1
Short link to return to this page.