UMA Release Notes
Abstract
This document contains non-normative release notes produced by the User-Managed Access Work Group for various versions of the UMA specifications.
Status
This draft document has been updated to reflect the document contains release notes for the final UMA V1.0 and V1.0.1 Recommendations dated 2015-12-28. There were no specification changes between the draft and final Recommendationsand has a fledgling section for release notes for the UMA V2.0 draft technical specifications.
Editor
- Eve Maler
Intellectual Property Notice
...
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
The following key shorthand terms and abbreviations are used in this document:
- AS: authorization server
- RS: resource server
- Core: UMA Core specification (applies to versions 1.0 and 1.0.1)
- RSR: OAuth Resource Set Registration specification (applies to versions 1.0 and 1.0.1)
- Grant: UMA Grant for OAuth Authorization (applies to version 2.0)
- FedAuthz: Federated Authorization for UMA (applies to version 2.0)
- I-D: IETF Internet-Draft specification
- Sec: section
...
| Anchor | ||||
|---|---|---|---|---|
|
The UMA V2.0 specifications (Grant, FedAuthz) are in draft technical specification form. This section will be updated as the specifications progress to Recommendation status.
Version Themes
The themes of this major version are to:
- Increase OAuth 2.0 alignment
- Improve Internet of Things readiness
- Improve readiness for "wide ecosystems", where the requesting party and AS have no pre-established relationship
Specification Reorganization and Conformance Levels
The two specifications were divided differently. Core and RSR were recombined into Grant and FedAuthz, divided in this way:
- All communications of the client and requesting party with the AS moved to Grant. This specification formally defines an extension OAuth grant.
- The communications of the resource owner and resource server with the AS moved to FedAuthz. This includes:
- Policy setting (outside the scope of UMA)
- PAT issuance
- Protection API
- Resource registration (formerly in RSR)
- The RS's permission requests at the AS (formerly in Core)
- The RS's token introspection at the AS (formerly in Core)
It is now optional to implement the features appearing in FedAuthz; thus, this specification defines a conformance level.
(Note that drafts of 2.0 prior to late April 2017 used the 1.0.1 organizing principle.)
Changes in Terminology
| V1.0.1 | V2.0 |
|---|---|
resource set registration, resource set | resource registration, resource (protected while registered) |
authorization API | UMA grant (an extension OAuth grant) |
register a permission (for permission ticket) | request (one or more) permission(s) (on behalf of a client) |
“policies” (colloquial) | access grants, access grant rules, policy conditions |
trust elevation | authorization process and authorization assessment |
claims pushing + claims gathering = (n/a) | claims pushing + claims gathering = claims collection |
step-up authentication | (n/a); just authorization process |
authorization API token (AAT) | goes away; a new related token is persisted claims token (PCT) |
RPT as an UMA access token | RPT as an OAuth access token |
protection API token (PAT) | protection API access token (PAT) |
...
| Anchor | ||||
|---|---|---|---|---|
|
...
Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)
Specification Reorganizations
The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:
...
| Anchor | ||||
|---|---|---|---|---|
|
Following is a catalog of notable changes to the specifications in the pre-V1.0 timeframe.
Core Changes
Internet-Draft Rev 11 to Rev 12
...