UMA
...
V1 Protocol (Historical)
Following are handy links to the UMA specs and related materials.
Specification | URL | Description |
---|---|---|
UMA Core V1.0.1 Recommendation | https://docs.kantarainitiative.org/uma/ |
...
This is the pretty-printed latest version, available on the Kantara site.
http://tools.ietf.org/html/draft-hardjono-oauth-umacore
This is the latest version contributed as an IETF I-D. (It may be out of date with respect to the version linked above. We don't submit I-D revisions for every little edit.)
Final V1.0.1 version of the UMA Core Recommendation. | ||
OAuth RSR V1.0.1 Recommendation | https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html | Final V1.0.1 version of the OAuth RSR Recommendation. |
UMA Core V1 Recommendation | http://docs.kantarainitiative.org/uma/ |
...
...
This is the pretty-printed latest version, available on the Kantara site. (It has not yet been contributed to the IETF.)
Final V1.0 version of the UMA Core Recommendation (obsoleted by V1.0.1). | |
OAuth RSR V1 Recommendation | https:// |
...
...
...
This is the GitHub repository for the spec and issues.
uma/rec-oauth-resource-reg.html | Final V1.0 version of the OAuth Resource Set Registration Recommendation (obsoleted by V1.0.1). |
UMA Core I-D rev 13 | https:// |
...
...
...
This is a direct link to the issues list.
html/draft-hardjono-oauth-umacore-13 | IETF I-D of the UMA Core specification corresponding to the V1.0 Recommendation (expired). |
UMA Core I-D | http:// |
...
This is a short link you can use to direct people back to this page.
Recent breaking changes
Following is a catalog of notable changes.
...
- Section 1.5: The authorization server configuration data now allows for providing a dynamic client registration endpoint (now defined by the official OAuth dynamic client registration spec), rather than just serving as a flag for whether the generic feature is support.
- Sections 3.1.1 and 3.1.2: The am_uri header has been renamed to as_uri due to terminology changes (see below).
- Section 3.1.2: The OAuth error "insufficient_scope" is now a central part of the authorization server's response to a client with a valid RPT and insufficient scope. This aligns UMA more closely with OAuth as a profile thereof (stay tuned for more possible tweaks in this general area, e.g. in WWW-Authenticate).
...
- Authorization manager (AM) is now authorization server.
- Host is now resource server.
- Authorizing user is now resource owner.
- Requester is now client.
...
- Scope is now scope type (likely to change back due to feedback).
- Authorization data is now defined as a generic category, of which permissions are an instance.
- RPT now stands for requesting party token instead of requester permission token.
- UMA is more explicitly defined as a profile of OAuth.
...
tools.ietf.org/html/draft-hardjono-oauth-umacore | Latest IETF I-D of the UMA Core specification (corresponding to rev 14 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it). | |
OAuth RSR I-D rev 06 | https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-06 | IETF I-D of the OAuth Resource Set Registration specification corresponding to the V1.0 Recommendation. |
OAuth RSR I-D | https://tools.ietf.org/html/draft-hardjono-oauth-resource-reg | Latest IETF I-D of the OAuth Resource Set Registration specification (corresponding to rev 07 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it). |
UMA Binding Obs | http://docs.kantarainitiative.org/uma/draft-uma-trust.html | UMA Binding Obligations specification (now obsolete; see the UMA Legal work). |
UMA Binding Obs I-D | https://tools.ietf.org/html/draft-maler-oauth-umatrust | Latest IETF I-D of the UMA Binding Obligations specification (corresponding to rev 03 and expired; the WG has no intent to update it). |
UMA on GitHub | https://github.com/KantaraInitiative/wg-uma | GitHub repository for the spec. |
UMA issues | https://github.com/KantaraInitiative/wg-uma/issues | Direct link to the issues list in GitHub. |
UMAWG Twitter | https://twitter.com/umawg | UMA group Twitter handle. |
UMAWG Facebook | https://www.facebook.com/UserManagedAccess | UMA group Facebook page. |
Short link | http://tinyurl.com/umav1 | Short link to return to this page. |