Versions Compared

Old Version 12

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 13

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

UMA Release Notes

...

  • Account for V1.0 lessons learned out of the gate
  • Achieve timeline predictability and minimization of disruption for V1.0 implementers
  • Achieve efficiency, speed, and accuracy in specification revisions
  • Achieve issue solution consistency with OAuth 2.0 and OpenID Connect where possible
  • Within the allotted time, prioritize first blocking and critical bug fixes, then low-impact specification and implementation changes

Minor changes, such as changes that don't impact implementations or specification interpretations, are not discussed in this section. To see a full list of issues disposed of and specification commits related to V1.0.1, see the list of GitHub issues with the "V1.0.1" label and the commit histories for Core and RSR.

Changes Affecting Authorization Server (+Client) Implementations

...

Previously, the security considerations around accepting policy-setting context information from an incompletely trusted AS were not covered. Now they cover the user_access_policy_uri property, which is the only policy-setting context information passed from AS to RS. (185) (RSR Sec 4)

Specification Reorganizations

The specifications, particularly Core Sec 3, were reorganized in the fashion of OpenID Connect, with the goal of giving a subsection to every request and response message. Other notable changes include:

...

Anchor
pre-v1.0
pre-v1.0
Pre-V1.0 Changes

Following is a catalog of notable changes to the specifications in the pre-V1.0 timeframe.

Core Changes

Internet-Draft Rev 11 to Rev 12

...