UMA
...
V1 Protocol (Historical)
Following are handy links to the UMA specs and related materials.
Content| Specification | URL | Description |
|---|
UMA Core |
httpdrafthttpThis is the pretty-printed latest version, available on the Kantara site. | OAuth RReg | | Final V1.0.1 version of the UMA Core Recommendation. |
OAuth RSR V1.0.1 Recommendation | |
draftThis is the pretty-printed version of a module that covers resource set registration, which UMA and other OAuth-based specs can use| Final V1.0.1 version of the OAuth RSR Recommendation. |
UMA Core V1 Recommendation | | Final V1.0 version of the UMA Core Recommendation (obsoleted by V1.0.1). |
OAuth RSR V1 Recommendation | | Final V1.0 version of the OAuth Resource Set Registration Recommendation (obsoleted by V1.0.1). |
UMA Core I-D rev 13 |
httpThis is the latest version contributed as an . (It may be out of date with respect to the version linked above. We don't submit I-D revisions for every little edit.)OAuth RReg I-D| of the UMA Core specification corresponding to the V1.0 Recommendation (expired). |
UMA Core I-D | | Latest IETF I-D of the UMA Core specification (corresponding to rev 14 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it). |
OAuth RSR I-D rev 06 | |
This is the latest version contributed as an . (It may be out of date with respect to the version linked above. We don't submit I-D revisions for every little edit.)UMA Binding Obligations| of the OAuth Resource Set Registration specification corresponding to the V1.0 Recommendation. |
OAuth RSR I-D | | Latest IETF I-D of the OAuth Resource Set Registration specification (corresponding to rev 07 and an expired "shell" specification pointing to V1.0.1; the WG has no intent to update it). |
UMA Binding Obs | |
This is the pretty-printed latest version, available on the Kantara site. (It has not yet been contributed to the IETF.)| UMA Binding Obligations specification (now obsolete; see the UMA Legal work). |
UMA Binding Obs I-D | | Latest IETF I-D of the UMA Binding Obligations specification (corresponding to rev 03 and expired; the WG has no intent to update it). |
UMA on GitHub | |
xmlgrrlUMASpecificationsThis is the | GitHub repository for the spec |
and issuesxmlgrrlUMASpecificationsThis is a direct http| Direct link to the issues list in GitHub. |
Spec short link | tinyurlumav1This is a short link you can use to direct people back to this page. | Recent breaking changes
Following is a catalog of notable changes.
From I-D rev 05 to 06:
...
- Section 1.5: The authorization server configuration data now allows for providing a dynamic client registration endpoint (now defined by the official OAuth dynamic client registration spec), rather than just serving as a flag for whether the generic feature is support.
- Sections 3.1.1 and 3.1.2: The am_uri header has been renamed to as_uri due to terminology changes (see below).
- Section 3.1.2: The OAuth error "insufficient_scope" is now a central part of the authorization server's response to a client with a valid RPT and insufficient scope. This aligns UMA more closely with OAuth as a profile thereof (stay tuned for more possible tweaks in this general area, e.g. in WWW-Authenticate).
...
- Authorization manager (AM) is now authorization server.
- Host is now resource server.
- Authorizing user is now resource owner.
- Requester is now client.
...
- Scope is now scope type (likely to change back due to feedback).
- Authorization data is now defined as a generic category, of which permissions are an instance.
- RPT now stands for requesting party token instead of requester permission token.
- UMA is more explicitly defined as a profile of OAuth.
...
| UMA group Twitter handle. |
UMAWG Facebook | | UMA group Facebook page. |
Short link | | Short link to return to this page. |