Working Drafts
This page collects our draft specifications, auxiliary material, and other useful materials that may contribute to them. See the list of child pages at the bottom for a summary.
We are currently using https://github.com/xmlgrrl/UMA-Specifications for our active spec development, with snapshots provided on the docs.kantarainitiative.org site. The UMA wiki page for the core spec now summarizes all relevant information about that spec.
Following is a "call tree" of key specifications and other documents that are currently referenced normatively in the UMA core spec. Support isn't necessarily required for all (or any) features of these specs; read the UMA spec for details.
- Binding Obligations on User-Managed Access (UMA) Participants (required)
- OAuth2 (required)
- OAuth2 bearer tokens (required)
- OAuth2 SAML bearer tokens (recommended in enterprise settings)
- OpenID Connect Standard (optional)
- JSON (required)
- hostmeta (required)
- .well-known (required)
XRD is no longer used. We have moved to JSON-formatted configuration data instead.
Following are auxiliary documents that are currently non-normative:
- OAuth Dynamic Client Registration Protocol – this was a proposal made by the UMA group to the OAuth discussion on dynamic registration. It is being considered as input to the IETF OAuth Working Group's next chartered phase of effort.
The following documents, still available on this wiki, are considered obsolete:
- Claims 2.0 and Simple Access Authorization Claims (obsoleted by the OpenID Connect mechanisms for requesting and providing claims)
- Legal Considerations (obsoleted by the Trust Model)
- Lexicon (obsoleted by the spec itself and the Trust Model)
- UMA Resource Registration (obsoleted by incorporation of this feature into the core spec)