...

Using current web access management (WAM) solutions to provide API security can be unfriendly to developers, complex, expensive, and likely proprietary. Mobile clients struggle to deal with XML-based and SOAP-based security mechanisms. Enterprise IT struggles to deploy agents or proxies.

Because centralizing access authorization is currently overly complex, too much authorization code ends up in applications. This slows service delivery by forcing developers to redevelop authorization logic, and it hinders effective auditing and policy administration.

...

UMA's notion of machine-readable resource set and scope descriptions creates an access control mechanism that enables control over specific API scopes (completely customizable buckets of API functionality), not just domains. With UMA, developers can handle authorization tasks by calling simple REST/JSON endpoints; administrators don't have to deploy a web server agent or reverse proxy to enable centralization.
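
The scope-level enforcement described above, sketched as an added example that is not part of the original page or of any UMA implementation: a resource server maps each API operation to a resource set and scope, then checks the permissions the authorization server reported for the presented token. The route table, identifiers and sample response are constructed; the `permissions`, `resource_set_id` and `scopes` field names are assumed to follow the UMA 1.0 token introspection response.

```python
import time

# Constructed mapping of API operations to (resource set id, scope).
# Anything not listed here is denied by default.
ROUTES = {
    ("GET", "/photos"): ("rs-photos", "view"),
    ("POST", "/photos"): ("rs-photos", "upload"),
    ("DELETE", "/photos"): ("rs-photos", "delete"),
}

# Constructed introspection result, as the authorization server might
# return it from its REST/JSON endpoint (field names are an assumption).
SAMPLE_INTROSPECTION = {
    "active": True,
    "permissions": [
        {"resource_set_id": "rs-photos", "scopes": ["view"],
         "exp": 1_700_003_600},
        {"resource_set_id": "rs-photos", "scopes": ["upload"],
         "exp": 1_699_999_000},  # already expired at the test time
    ],
}


def authorize(method, path, introspection, now=None):
    """Return (allowed, reason) for one API call against one token."""
    now = time.time() if now is None else now
    required = ROUTES.get((method.upper(), path))
    if required is None:
        return False, "unmapped operation"  # default deny
    if not introspection.get("active"):
        return False, "token inactive"
    rs_id, scope = required
    for perm in introspection.get("permissions", []):
        if perm.get("resource_set_id") != rs_id:
            continue  # permission is for a different resource set
        exp = perm.get("exp")
        if exp is not None and exp <= now:
            continue  # this permission has expired
        if scope in perm.get("scopes", []):
            return True, "granted"
    return False, f"missing scope {scope!r} on {rs_id}"


if __name__ == "__main__":
    for call in [("GET", "/photos"), ("POST", "/photos"), ("GET", "/admin")]:
        print(call, authorize(*call, SAMPLE_INTROSPECTION, now=1_700_000_000))
```

The decision logic lives in one place and returns a reason string, so denials can be logged centrally instead of being scattered through application code.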

...