...

...

Further reading:

...

With UMA, Alice can manage all these types of sharing in a unified way, from a single web-application point of control called an "authorization server". She can set policies that guide the authorization server in allowing or disallowing access by clients to protected resources at resource servers.

Further reading:

...

Phase 1 of the UMA core protocol involves the resource owner introducing the resource server and authorization server so they can work together. Phases 2 and 3 together involve the requesting party, using a client, making an access attempt, being tested for suitability by the authorization server to receive permission, and ultimately succeeding or failing in the attempt by presenting a token with permissions associated with it. 

Further reading:

...

...

UMA's Relationship to Other Efforts

...

The specifications related to the UMA web protocol are being incubated in the Kantara Initiative, with the intent to contribute the draft work to the IETF. UMA specification draft modules have variously been contributed as IETF individual Internet-Drafts. One such draft so far, covering dynamic client registration, was accepted as an OAuth WG work item, an item that has now progressed.

Further reading:

...

Does UMA make use of the JSON format or JSON Web Tokens (JWT)?

...

The default, mandatory-to-implement token format for UMA "requesting party tokens" (RPTs, the token that a client presents to a resource server when trying to access a protected resource) is opaque on the wire, and a resource server introspects it at the authorization server at run time. Its format is JWT, with an extension property called "permissions" that takes into account UMA's extended concept of resource set scopes.
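The resource-server side of that run-time check, as an added example that is not taken from this FAQ or from the UMA specifications: given the parsed introspection result for an opaque RPT, decide whether it grants a scope on a resource set, denying on anything missing or malformed. Apart from "permissions", the field names (`active`, `exp`, `resource_set_id`, `scopes`) and all sample values are assumptions made for illustration.

```python
import json

# Constructed sample of what an authorization server might return when the
# resource server introspects an opaque RPT. Only "permissions" is named on
# this page; the other field names are assumptions for illustration.
SAMPLE_INTROSPECTION = json.loads("""
{
  "active": true,
  "exp": 2000000000,
  "permissions": [
    {"resource_set_id": "photo-album-1", "scopes": ["view"], "exp": 1900000000},
    {"resource_set_id": "calendar-7", "scopes": ["view", "edit"]}
  ]
}
""")


def _expired(obj, now):
    """True if obj has an 'exp' at or before now, or an 'exp' that is not a number."""
    exp = obj.get("exp")
    if exp is None:
        return False
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True  # malformed expiry: fail closed
    return exp <= now


def rpt_permits(introspection, resource_set_id, scope, now):
    """Decide at the resource server whether an introspected RPT covers
    `scope` on `resource_set_id`. Any missing or malformed field denies."""
    if not isinstance(introspection, dict) or introspection.get("active") is not True:
        return False
    if _expired(introspection, now):
        return False
    permissions = introspection.get("permissions")
    if not isinstance(permissions, list):
        return False
    for perm in permissions:
        # Skip entries that are malformed or whose own expiry has passed.
        if not isinstance(perm, dict) or _expired(perm, now):
            continue
        scopes = perm.get("scopes")
        same_resource = perm.get("resource_set_id") == resource_set_id
        if same_resource and isinstance(scopes, list) and scope in scopes:
            return True
    return False
```

The check is per resource set and per scope, so a token that is still active can grant `view` on one resource set and nothing on another.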

Further reading:

...

...

Further reading:

How can UMA make requesting parties adhere to the user's wishes for privacy and data usage control?

...

UMA is shooting for a reasonable minimum level of enforceability of authorization agreements, so that if the requesting side goes against your express wishes – wishes they promised to adhere to – then you have a meaningful chance of taking them to court over it.

Further reading:

...

The "UMAnitarians" hail variously from South America, North America, Europe, the UK, Australia, and Japan.

Further reading:

Social networking has made people too willing to share their data. Won't UMA make this worse? How do we get to truly controlled sharing?

...

...

...

We are aware of several major implementations.

Further reading:

Have there been any usability studies on UMA?

...

Why externalize authorization?

...