Versions Compared

Old Version 74

changes.mady.by.user Eve Maler

Saved on

compared with

New Version Current

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page gathers information about implementation efforts and interest, along with interoperability testing plans. Maciej Machulak is the UMA group's implementation coordinator. Key existing implementations that we know about are noted below, in alphabetical order of the project or organization.

...

ForgeRock

Status
colourGreen
titleDec Mar '1820
 The company ForgeRock (also at @ForgeRock) has an Identity Platform that includes an implementation of UMA 2.0, with both an "UMA Provider" (authorization server component) and an "UMA Protector" (resource server component), targeted at individual consent and data sharing use cases. The case studies Users Managing Delegated Access to Online Government Services and and Aggregating and Sharing Pension Information were based on POCs performed with earlier versions of the ForgeRock Identity Platform. In addition, ForgeRock has developed an open-source resource server reference implementation (also available and further described on the ForgeRock Marketplace, and in a series of blog posts – Why ForgeRock Secure Sharing: Trust and EnforceForgeRock Secure Sharing Ingredients: Who, What and How, and ForgeRock Secure Sharing: The Framework).

Gluu

Status
colourGreen
titleMay '18
 Open source software vendor Gluu (Twitter @GluuFederation) has implemented UMA 2.0 Authorization Server endpoints (including claims gathering) since Gluu Server 3.1.2. The Gluu Gateway is an API Gateway that can use UMA (acting as the RS) to enable admins to specify which UMA scopes are required to access certain API's.  Gluu also provides a free open source middleware service, oxd, that makes it easy for Clients and RS software developers to use UMA, and enables the generation of client libraries using an OpenAPI (Swagger) document.  The Gluu Server is used to map policies to UMA scopes. Policies are defined in python-syntax scripts. If policy fails, the Gluu Server claims gathering interception scripts enable admins to define multi-step workflows. For example, claims gathering can be implemented to support stepped-up authentication. Claims gathering also can be used to implement policy where the web browser cookie (i.e. SSO session) is preferred to gather user claims, versus using the pushed claim token mechanism.  

...

Status
colourGreen
titleMar '18
 HealthyMePHR, which enables secure patient-mediated clinical data exchange, was implemented by Lush Group, Inc. It implements UMA 1.0, with plans to update to full UMA 2 support. The software is currently in prototype form. It implemented the HEART profiles in conjunction with HEART specification development; it consists of a FHIR-based RS, AS and Client. 

HealthyMePHR was selected as a Phase 2 winner of The Department of Health and Human Service’s Move Health Data Forward Challenge. Since the intention was to free the patient from the many roadblocks currently in place, the implementers wanted to implement a wide ecosystem for exchange, adding an external OpenID Connect IdP to support that goal. Since other components were not available at the time of development, the solution was developed to be free standing. It is the intention that any of the components could be substituted. While the initial client is a HEART based viewer, it is actually accessing discrete data. This approach demonstrates an important building block for accessing discrete data via an API, under the control of patient-directed consent. HealthyMePHR has also been connected to EMRs via CDS hooks, providing physician’s with the ability to access the patient’s data which may be external to the EMR. For more information, see the Case Studies page or contact info@lgisoftware.com.

...

This implementation leverages third-party OAuth and OpenID Connect implementations Google OAuth2, Twitter OAuth2, and mdNOSH (this is for demo purposes for physician single-sign-on, not federated). HIE of One also implements blockchain-based authentication using the uPort implementation and the project is tracking the Decentralized ID (DID) standards for self-sovereign identity and W3C verifiable claims as these progress.

IDENTOS Federated Privacy Exchange (FPX)

...

The company Cloud Identity Limited (since acquired by Synergetics) developed an UMA Authorization Server - NuveAM (Online Demo). NuveAM implements the UMA protocol and supports other open standards including OAuth 2.0, OpenID Connect, and SAML 2.0The company also developed Java and Python SDKs. More information is on the company's website and the company's YouTube channelThe company integrated UMA with its NuveLogin service to simplify the flow for Resource Server and Client applications.

Telia

The Telia telecom company has an identity solution that provides UMA support.

...