...
- UMA Case Studies
- Latest specification of the UMA profile of OAuth
- UMA's binding obligations specification for dealing with contractual obligations
What is
...
The specifications related to the UMA web protocol are being incubated in the Kantara Initiative, with the intent to contribute the draft work to the IETF. UMA specification draft modules have variously been contributed as IETF individual Internet-Drafts. One such draft so far, covering dynamic client registration was accepted as an OAuth WG work item, an item that has now progressed.
Further reading:
- Kantara Initiative UMA WG charter
- IETF I-D on UMA profile of OAuth (may not be perfectly up to date compared to internal drafts)
- IETF I-D on Resource Set Registration
- OAuth WG status page
What is a typical UMA scenario, and who are the actors in it?
Let's use the example of Alice, a typical web user, to introduce UMA terms and concepts. Alice is a "resource owner" who manages her calendar resource online. She might want to share hercalendar information with a number of different parties for a variety of purposes, while not making it fully public to the whole world.
...
a typical UMA scenario, and who are the actors in it?
Let's use the example of Alice, a typical web user, to introduce UMA terms and concepts. Alice is a "resource owner" who manages her calendar resource online. She might want to share hercalendar information with a number of different parties for a variety of purposes, while not making it fully public to the whole world.
The calendar is known as a "protected resource", and Alice manages it at a web application called a "resource server". She could have many resource servers for many different kinds of content she creates, along with other data about herself. In some cases, such as with credit scores, she can't actually control the values of data about herself.
...
UMA's Relationship to Other Efforts
What is UMA's relationship with Kantara and IETF?
The specifications related to the UMA web protocol are being incubated in the Kantara Initiative, with the intent to contribute the draft work to the IETF. UMA specification draft modules have variously been contributed as IETF individual Internet-Drafts. One such draft so far, covering dynamic client registration was accepted as an OAuth WG work item, an item that has now progressed.
Further reading:
- Kantara Initiative UMA WG charter
- IETF I-D on UMA profile of OAuth (may not be perfectly up to date compared to internal drafts)
- IETF I-D on Resource Set Registration
- OAuth WG status page
What is UMA's relationship with the NSTIC Identity Ecosystem effort?
UMA can solve a variety of different access management problems. One of the key problems it was designed to solve was "user-centric" control of access to personal data. A use case was submitted to the NSTIC Identity Ecosystem Steering Group that relates closely to UMA: Delegated Authentication for User Managed Access. The use case is proceeding through the IDESG lifecycle.
Further reading:
- NSTIC Identity Ecosystem Steering Group
- IDESG use case: Delegated Authentication for User Managed Access
Can't you achieve UMA goals just by using OAuth?
...