...
- Wikipedia entry for "User-Managed Access" (English)
- WholeChainCom blog entry on selective sharing
- UnboundID blog entry on attribute management and white paper (registration required) on the "identity economy"
- Phil Windley white paper in the Live Web series: From Personal Computers to Personal Clouds
- Oliver Pfaff's "New Trends in Web Security" SlideShare
UMA-related short links:
- tinyurl.com/umawg: wiki home page
- tinyurl.com/umafaq: this FAQ
- tinyurl.com/umav1: UMA Core home page (with list of breaking/notable changes in drafts)
- tinyurl.com/umatrust: Binding Obligations home page
- tinyurl.com/umacore: latest Core spec
- tinyurl.com/oauthrsr: latest Resource Set Registration spec
- tinyurl.com/umacase: UMA case studies page
- tinyurl.com/umaam20: Access Management 2.0 case study
- tinyurl.com/umaiiot: industrial IoT case study
- tinyurl.com/uma1iop: interop home page
Further reading:
- UMA Case Studies
- Latest specification of the UMA profile of OAuth
- UMA's binding obligations specification for dealing with contractual obligations
...
Phase 1 of the UMA core protocol involves the resource owner introducing the resource server and authorization server so they can work together. Phases 2 and 3 together involve the requesting party, using a client, making an access attempt, being tested for suitability by the authorization server to receive permission, and ultimately succeeding or failing in the attempt by presenting a token with permissions associated with it.
Further reading:
...
...
UMA's Relationship to Other Efforts
...