
UMA Explained

User-Managed Access (UMA) involves these entities:


For example, a web user (authorizing user) can authorize a web app (requester) to gain one-time or ongoing access to a resource containing his home address stored at a "personal data store" service (host), by telling the host to act on access decisions made by his authorization decision-making service (authorization manager).

The requesting party might be an e-commerce company whose site is acting on behalf of the user himself to assist him in arranging for shipping a purchased item, or it might be his friend who is using an online address book service to collect addresses, or it might be a survey company that uses an online service to compile population demographics.

See the Scenarios and Use Cases document for lots of specific examples.

See the following sections for suggested reading. Be sure to read the documents in the Working Drafts area of this wiki for the official definition of UMA.

General Interest

  • Slides from a half-day workshop held at the European Identity Conference in Munich on 4 May 2010.
  • The User Experience page collects wireframes exploring user interactions with UMA-enabled services. This includes a set of wireframes that matches the webinar scenario.
  • We have a working lexicon that explores the relationship between the party who authorizes access and the party who ultimately gets access. Lawyerly types might be especially interested in this.
  • Group chair Eve Maler writes about UMA and its predecessor, ProtectServe, here.
  • Some historical materials (may be out of date) explaining the original thinking behind UMA and its predecessor, ProtectServe, are available.

Implementers and Deployers

Following is a condensed summary of the draft UMA protocol:

See also the following:

  • Christian Scholz has done a very simple prototype of the UMA protocol in Python.
  • These slides from IIW in May 2010 (and this blog post) explain how UMA compares to OAuth.
  • A comprehensive technical report published under the auspices of Newcastle University, called User-Managed Access to Web Resources (also available on the ncl.ac.uk site), explains the requirements that drive UMA, analyzes the design features that respond to these requirements, and reviews related work.
  • The Protocol Flow page has swimlane diagrams that show the core protocol at a high level.
  • The Technology Matrix compares UMA with various other technologies and explores potential synergies between them.