...
UMA is not formally related to XACML, but we can imagine some patterns of usage that bridge XACML and UMA. For example, UMA does not standardize a policy expression format or its evaluation, and treats an authorization manager server as a conflated policy decision point (or at least authoritative authorization data source), policy administration point, and policy information point for the purposes of UMA's in-band flows. An AS authorization server could provide authorization data for which a resource server could then seek interpretation at a true XACML PDP. An UMA representative made a presentation to the XACML TC on 19 October 2012 to discuss liaison and technical opportunities. A specialized UMA token profile could also be used to provide a pattern for XACML's ongoing efforts to simplify/RESTify the current XACML standard.
...
- UMA webinar from December 2011 (slides, recording) – includes a detailed demo of the SMARTAM app
- Sample SMARTAM.net authorization manager server application
- UMA Binding Obligations framework
- W3C workshop position paper on Controlling Data Usage with UMA
...
Isn't an Authorization
...
Server a privacy-destroying panopticon?
(to be supplied)
UMA seems positioned to be a positive force in managing privacy, but how will it overcome the challenges with Big Data?
...