UMA Explained
User-Managed Access (UMA) involves these entities:
|
For example, a web user (authorizing user) can authorize a web app (requester) to gain one-time or ongoing access to a resource containing his home address stored at a "personal data store" service (host), by telling the host to act on access decisions made by his authorization decision-making service (authorization manager). |
Following is suggested reading.
The basics
- FAQ (NEW!)
- Poster (best printed on A0-A3 paper; 8.5x11 or 8.5x14 is okay but small) presented at the IEEE Security and Privacy symposium poster session.
- UMA short overview (slides, slides with notes) and longer overview from 13 July 2011 webinar (with builds and without)
- Try out the SMARTAM.net AM application and its associated gallerify.me host/requester application!
- The emerging set of UMA scenarios attempts to capture the desired benefits to all the parties involved.
Technical perspective
- The Working Drafts area contains the official definition of the UMA protocol.
- The Implementations page highlights known and anticipated implementations, including open source.
- Writeup on how UMA deals with scopes and authorization
- A comprehensive technical report published under the auspices of Newcastle University called User-Managed Access to Web Resources (also available on ncl.ac.uk site) explains the requirements that drive UMA, analyzes the design features that respond to these requirements, and reviews related work.
Discussions and ruminations
- ReadWriteWeb article Identity Management and Networks: The Enterprise Considers the Social Way from 23 Sep 2010, discussing UMA's potential impact.
- Group chair Eve Maler writes about UMA and its predecessor, ProtectServe, here.
- Some historical materials (may be out of date) explaining the original thinking behind UMA and its predecessor, ProtectServe, are available.
- If you're a German speaker, check out Christian Scholz's appearance on
German radio (mp3), discussing privacy and UMA.