Working Drafts

This page collects our draft specifications and other auxiliary material, and various other useful materials that may contribute to them. See the list of child pages at the bottom for a summary.

The following diagram illustrates the "call tree" of key specifications and other documents that are relevant to the UMA universe. Click on the diagram to get a version that allows clicking on specific icons to get the corresponding document. (Note that this diagram may not keep up with rapid spec changes and links only to one document even if there are multiple representations or versions or variants; the table below gives more detail where warranted.)

[Diagram: spec-modules.png (http://kantarainitiative.org/confluence/download/attachments/17301540/spec-modules.png)]

Documents linked from the diagram:

- http://tools.ietf.org/html/rfc5785
- http://www.oasis-open.org/committees/download.php/37692/xrd-1.0-wd16.html
- http://tools.ietf.org/html/draft-hammer-hostmeta-13
- http://kantarainitiative.org/confluence/display/uma/Simple+Access+Authorization+Claims
- http://kantarainitiative.org/confluence/download/attachments/17301540/UMA_Trust_Claims_V03.pdf
- http://kantarainitiative.org/confluence/display/uma/UMA+Scenarios+and+Use+Cases
- http://kantarainitiative.org/confluence/display/uma/Legal+Considerations+in+UMA+Authorization
- http://kantarainitiative.org/confluence/display/uma/UMA+Requirements
- http://kantarainitiative.org/confluence/display/uma/Claims+2.0
- http://mrtopf.clprojects.net/uma/draft-uma-scope-registration.html
- http://tools.ietf.org/html/draft-oauth-dyn-reg-v1-00
- http://tools.ietf.org/html/draft-vrancken-oauth-redelegation-00
- http://www.ietf.org/mail-archive/web/oauth/current/msg04406.html
- https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/
- http://www.ietf.org/id/draft-ietf-oauth-v2-10.txt
- http://mrtopf.clprojects.net/uma/draft-uma-core.html

Specifications in Progress

We are currently using Christian's UMA-Specifications area on github – http://github.com/mrtopf/UMA-Specifications – for our active spec development, with snapshots provided at http://mrtopf.clprojects.net/uma/. Following is an accounting of specs and their status.

| Spec | Description | Status |
|---|---|---|
| UMA Scenarios and Use Cases | Records the scenarios and use cases governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We are behind on assessing and adding scenarios; see below on this page for the "scenario docket". |
| UMA Requirements | Records the specific requirements governing the development of the User-Managed Access protocol and guiding associated implementations and deployments. | Currently maintained directly on this wiki. Latest version is here. We treat design principles (beyond the ones in our charter) as emergent, and collect them as we see fit. |
| UMA 1.0 Core Protocol | Defines the User-Managed Access (UMA) 1.0 core protocol. This protocol provides a method for users to control access to their protected resources, residing on any number of host sites, through an authorization manager that makes access decisions based on user policy. | Active development currently takes place on github. A snapshot is kept here (the working draft on this site is not current). |
| Resource/scope registration | Defines the mechanism for hosts to convey important information about resources/scopes that the AM needs to protect. | This spec is in flux. See Maciej's contribution on resource registration and Christian's proposal for scope registration. |
| Dynamic client registration | Defines how hosts can dynamically discover information about an AM and how hosts and requesters can dynamically register at an AM to get a unique client identifier and optional secret. | Some UMA group participants have contributed an Internet-Draft to the IETF on this (pretty HTML version here), and intend to continue working on it as an OAuth WG action item. |
| Protocol Issues | Random list of issues we need to burn down in working on the specs. | This list is known not to be complete. We are also putting specific spec design issues directly into the specs on github. |
| Claims 2.0 | Defines a JSON-based format for expressing claims and requests for claims. | Currently maintained directly on this wiki. Latest version is here. (See also Domenico's proposal (slides, document) for trust models for third-party-asserted claims.) |
| Simple Access Authorization Claims | Uses the Claims 2.0 specification to define a small set of basic claims to be used in the process of User-Managed Access (UMA) access authorization. | Currently maintained directly on this wiki. Latest version is here. |
| Legal Considerations in UMA Authorization | Explores legal issues raised by the act of using User-Managed Access (UMA) to authorize another party to get web resource access. | Currently maintained directly on this wiki. Latest version is here. Awaiting incorporation of many comments, including a contribution by JeffS. |
| Lexicon | Compendium of official and unofficial terms and definitions related to UMA. | This document has served as an aid to figuring out legal considerations; now it is not very actively maintained. Latest version is here. |

Scenario Docket

Following is the current status of scenarios and their constituent use cases.

| Scenario nickname | Champion | Status | Other notes |
|---|---|---|---|
| Calendar | Eve | Accepted | |
| E-commerce | Eve | Accepted | |
| Loan | Domenico | Accepted | |
| Distributed services | Christian | Pending | |
| Two-way location | Eve | Pending | |
| Requester delegate | Mike H. | Accepted | One of the two specific use cases was accepted, the other rejected |
| Employer/employee | Eve | Pending | |
| Custodian | Maciej | Pending | |
| Moving resources | Maciej | Pending | |
| Protected inbox | Joe | Pending | |
| CV sharing | Maciej | Accepted | |
| Health data | Gerry | Pending | |
| Car-buying | Iain/Joe | Awaiting submission | This will likely be a summary pointing to the original Kantara InfoSharing document |
| "Hey, sailor" | Eve | Awaiting submission | |
| ACLs with PoCo integration | ? | ? | |
| Terms negotiation: null | Eve | Pending | |
| Terms negotiation: requester identification | Eve | Pending | |
| Terms negotiation: facts | Eve | Awaiting submission | |
| Terms negotiation: promises | Eve | Awaiting submission | |
| Terms negotiation: payments | Eve | Awaiting submission | |
