...


For example, a web user (authorizing user) can authorize a web app (requester) to gain one-time or ongoing access to a resource containing his home address stored at a "personal data store" service (host), by telling the host to act on access decisions made by his authorization decision-making service (authorization manager).

The requesting party might be an e-commerce company whose site is acting on behalf of the user himself to assist him in arranging for shipping a purchased item, or it might be his friend who is using an online address book service to collect addresses, or it might be a survey company that uses an online service to compile population demographics. See the Scenarios and Use Cases document for lots of specific examples.

See the following sections for suggested reading. Be sure to read the documents in the Working Drafts area of this wiki for the official definition of UMA.

...

Following is suggested reading.

The basics

  • Poster (best printed on A0-A3 paper; 8.5x11 or 8.5x14 is okay but small) presented at the IEEE Security and Privacy symposium poster session.
  • Slides from a half-day workshop held at the European Identity Conference in Munich on 4 May 2010.
  • The User Experience page collects wireframes exploring user interactions with UMA-enabled services. This includes a set of wireframes that matches the webinar scenario.
  • We have a working lexicon that explores the relationship between the party who authorizes access and the party who ultimately gets access. Lawyerly types might be especially interested in this.
  • Group chair Eve Maler writes about UMA and its predecessor, ProtectServe, here.
  • Some historical materials (may be out of date) explaining the original thinking behind UMA and its predecessor, ProtectServe, are available.
  • If you're a German speaker, check out Christian Scholz's appearance on German radio (mp3), discussing privacy and UMA.

Implementers and Deployers

Following is a condensed summary of the draft UMA protocol:

[Image: condensed summary of the draft UMA protocol]

See also the following:

  • The Working Drafts page summarizes the state of play of all of the specs.
  • Christian Scholz has done a very simple prototype of the UMA protocol in Python.
  • These slides from IIW in May 2010 (and this blog post) explain how UMA compares to OAuth.
  • The emerging set of UMA user stories attempts to capture the desired benefits to all the parties involved.

Technical perspective

  • The Working Drafts area of this wiki contains the official definition of the UMA protocol.
  • The OAuth leeloo open-source project is an UMA-friendly Java-based OAuth 2.0 implementation.
  • A comprehensive technical report published under the auspices of Newcastle University called User-Managed Access to Web Resources (also available on ncl.ac.uk site) explains the requirements that drive UMA, analyzes the design features that respond to these requirements, and reviews related work.
  • The Protocol Flow page has swimlane diagrams that show the core protocol at a high level.
  • The Technology Matrix compares UMA with various other technologies and explores potential synergies between them.

Discussions and ruminations

  • Group chair Eve Maler writes about UMA and its predecessor, ProtectServe, here.
  • Some historical materials (may be out of date) explaining the original thinking behind UMA and its predecessor, ProtectServe, are available.
  • If you're a German speaker, check out Christian Scholz's appearance on German radio (mp3), discussing privacy and UMA.