Abstract
This document contains non-normative release notes produced by the User-Managed Access Work Group explaining how new versions of the UMA specifications differ from previous ones.
...
The UMA V2.0 specifications (Grant, FedAuthz) (tbs: link to final) are in Draft Recommendation form. This section will be completed, and updated as required, as the specifications progress to Recommendation status. (tbs: add links to sections throughout)
The following sequence diagrams may be of assistance as brief summaries of changes made:
- Sequence diagram for UMA Grant, highlighting key changes from UMA1
- Sequence diagram for FedAuthz, highlighting key changes from UMA1
Version Themes
The themes of this major version are to:
...
Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri
property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)
Specification Reorganizations
The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:
...
Anchor | ||||
---|---|---|---|---|
|
Following is a catalog of notable changes to the specifications in the pre-V1.0 timeframe.
Core Changes
Internet-Draft Rev 11 to Rev 12
...