...
These are questions we have fielded while giving UMA presentations and demos. If you want us to answer one of the empty questions you see appearing here, or have other questions, tweet us!
UMA-related short links:
- tinyurl.com/umawg: wiki home page
- tinyurl.com/umafaq: this FAQ
- tinyurl.com/umav1: UMA Core home page (with list of breaking/notable changes in drafts)
- tinyurl.com/umatrust: Binding Obligations home page
- tinyurl.com/umacore: latest Core spec
- tinyurl.com/oauthrsr: latest Resource Set Registration spec
- tinyurl.com/umacase: UMA case studies page
- tinyurl.com/umaam20: Access Management 2.0 case study
- tinyurl.com/umaiiot: industrial IoT case study
- tinyurl.com/uma1iop: interop home page
...
General Questions
What is UMA?
User-Managed Access (UMA, pronounced "OOH-mah" like the given name) is an OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data (such as identity attributes), content (such as photos), and services (such as viewing and creating status updates), no matter where all those things live on the web.
...
A number of historical articles and other materials about UMA are available:
- A comprehensive technical report published under the auspices of Newcastle University called User-Managed Access to Web Resources (also available on ncl.ac.uk site) explains the requirements that drive UMA, analyzes the design features that respond to these requirements, and reviews related work.
- A ReadWriteWeb article, Identity Management and Networks: The Enterprise Considers the Social Way from 23 Sep 2010, discusses UMA's potential impact.
- Group chair Eve Maler has written about UMA and its predecessor, ProtectServe, here.
- Some older historical materials (may be out of date) explain the original thinking behind UMA and its predecessor, ProtectServe, and a poster (best printed on A0-A3 paper; 8.5x11 or 8.5x14 is okay but small) was presented at the IEEE Security and Privacy symposium poster session.
For UMA information in other languages, see:
- Domenico Catalano's UMA introduction in Italian
- Cordny Nederkoorn's article on UMA in a Dutch publication
- Tatsuo Kudo's SlideShare deck covering UMA in Japanese
- Wikipedia information in Italian and Spanish, thanks to Riccardo Abeti and Domenico Catalano
For external information and thoughts on UMA, see:
- Wikipedia entry for "User-Managed Access" (English)
- WholeChainCom blog entry on selective sharing
- UnboundID blog entry on attribute management and white paper (registration required) on the "identity economy"
- Phil Windley white paper in the Live Web series: From Personal Computers to Personal Clouds
- Oliver Pfaff's "New Trends in Web Security" SlideShare
Further reading:
- UMA Case Studies
- Latest specification of the UMA profile of OAuth
- UMA's binding obligations specification for dealing with contractual obligations
...
Phase 1 of the UMA core protocol involves the resource owner introducing the resource server and authorization server so they can work together. Phases 2 and 3 together involve the requesting party, using a client, making an access attempt, being tested for suitability by the authorization server to receive permission, and ultimately succeeding or failing in the attempt by presenting a token with permissions associated with it.
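The three phases described above, modeled in memory as an added example (not code from the UMA specifications or any UMA implementation). The class and method names, the policy format, and the sample resource are assumptions made for illustration, and the requesting party's identity is taken as already established.

```python
import secrets

class AuthorizationServer:
    """Toy AS: stores the owner's policies and issues permission-bearing tokens."""
    def __init__(self):
        self.policies = {}  # resource_id -> {scope: set of allowed requesting parties}
        self.tokens = {}    # token -> set of (resource_id, scope) permissions

    def protect(self, resource_id, policy):
        # Phase 1: the resource is placed under this AS with the owner's policy.
        self.policies[resource_id] = policy

    def authorize(self, requesting_party, resource_id, scope):
        # Phase 2: test the requesting party for suitability against the policy.
        allowed = self.policies.get(resource_id, {}).get(scope, set())
        if requesting_party not in allowed:
            return None  # unsuitable: no token is issued
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {(resource_id, scope)}
        return token

    def permissions(self, token):
        return self.tokens.get(token, set())

class ResourceServer:
    """Toy RS: releases a resource only if the presented token carries the permission."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.resources = {}

    def add_resource(self, resource_id, content, policy):
        self.resources[resource_id] = content
        self.auth_server.protect(resource_id, policy)  # Phase 1 introduction

    def access(self, resource_id, scope, token=None):
        # Phase 3: succeed or fail on the permissions associated with the token.
        if (resource_id, scope) not in self.auth_server.permissions(token):
            return ("denied", None)  # no token, unknown token, or missing permission
        return ("ok", self.resources[resource_id])

def run_flow():
    auth = AuthorizationServer()
    rs = ResourceServer(auth)
    rs.add_resource("photo-1", "beach.jpg", {"view": {"bob"}})  # constructed sample data
    no_token = rs.access("photo-1", "view")
    bob_token = auth.authorize("bob", "photo-1", "view")
    mallory_token = auth.authorize("mallory", "photo-1", "view")
    return (no_token, rs.access("photo-1", "view", bob_token),
            mallory_token, rs.access("photo-1", "edit", bob_token))
```

The last result shows that a valid token is still refused when the requested scope is not among its permissions.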
Further reading:
...
...
UMA's Relationship to Other Efforts
...