Abstract
This document is a product of the User-Managed Access Work Group. It records the specific requirements governing the development of the User-Managed Access protocol and guiding associated implementations and deployments.
Status
This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.
Editors
- Eve Maler
Intellectual Property Notice
The User-Managed Access Work Group operates under Option Liberty and the publication of this document is governed by the policies outlined in this option.
Table of Contents
Introduction
This document is a product of the User-Managed Access Work Group. It records the specific requirements governing the development of the User-Managed Access protocol and guiding associated implementations and deployments.
Each requirement has a number, a short title, normative requirement text, and optionally further explanation that is informational. Please copy and revise an existing requirement in adding new ones. Following are the meanings of the status keywords:
- Proposed: Status when first submitted or still under discussion
- Approved: Needs to be met in UMA V1 and/or its associated compliant implementations
- Deferred: Relevant to the problem space; may be considered in future versions
- Rejected: Out of scope
Design Principles
The UMA Work Group charter states some design principles that shape the nature of our work:
DP# |
Title |
Design Principle |
Explanation/commentary |
---|---|---|---|
DP1 |
Simple |
Simple to understand, implement in an interoperable fashion, and deploy on an Internet-wide scale |
|
DP2 |
OAuth |
OAuth-based to the extent possible |
We may contribute bug reports and RFEs around extensibility, security, and privacy to the IETF OAuth group |
DP3 |
ID-agnostic |
Agnostic as to the identifier systems used in an individual's various services on the web |
This is in order to allow for deployment in "today's Web" |
DP4 |
RESTful |
Resource-oriented (for example, as suggested by the REST architectural style) and operating natively on the Web to the extent possible |
|
DP5 |
Modular |
Modular |
For example, incorporating other existing specifications by reference where appropriate, and breaking down this Work Group's draft specifications into multiple pieces where reuse by different communities is likely |
DP6 |
Generative |
Generative |
Able to be combined and extended to support a variety of use cases and emerging application functionality |
DP 7 |
Fast |
Developed rapidly |
In an "agile specification" process that can refactor for emerging needs |
In addition, we have identified emerging design principles in the course of the work:
DP# |
Title |
Design Principle |
Explanation/commentary |
---|---|---|---|
DP8 |
Cryptography |
We should avoid adding crypto burdens as part of our simplicity goal. |
Avoid adding crypto requirements beyond what existing web app implementations do today. This principle was discussed on 2009-09-10. |
DP9 |
Privacy |
Protect the privacy of the Authorizing User |
The protocol should not provide ways to breach the Authorizing User's privacy, though out-of-band methods are beyond our control. Also, this principle should not be construed as support for protecting the privacy of other parties, or even the same person in a different role (the Requesting User). This principle was discussed on 2009-10-08. |
Approved Requirements
The requirements with numbers starting at zero all come from the UMA Work Group charter, and were thus approved when the group was launched.
R# |
Title |
Requirement |
Explanation/commentary |
---|---|---|---|
R0a |
Access relationship service |
Support the notion of a distinct online service for managing data-sharing and service-access relationships ("access relationships" for short) between an individual and his or her online services that request such access. |
|
R0b |
User-driven policies and terms |
Allow an individual to select policies and enforceable contract terms that govern access, as well as data storage, further usage, and further sharing on the part of requesting services. |
|
R0c |
User management of access relationship |
Allow an individual to conduct short-term and long-term management of access relationships, including modifying the conditions of access or terminating the relationship entirely. |
|
R0d |
Auditing |
Allow an individual to audit and monitor various aspects of access relationships. |
|
R0e |
Requester-Host direct access |
Allow requesting services to interact directly with responding services in a fashion guided by policy while an individual is offline, reserving real-time user approval for extraordinary circumstances. |
|
R0f |
Multiple Hosts |
Allow requesting services to interact with multiple responding services associated with the same individual. |
|
R1 |
Host/AM separation |
It must be possible to provide Host and AM functions in separate Web domains. |
Approved on 2009-10-01. |
R2 |
Resource orientation |
User data access and service access must be enabled through accessing Web resources that have URLs. |
Approved on 2009-10-01. |
Proposed Requirements
P# |
Title |
Requirement |
Explanation/commentary |
---|---|---|---|
P1 |
Resource-specific policy limitation |
The deployer of an AM must not be required to do any special configuration to enable the AM to present to the User, or to make decisions regarding Requester access to, any resource-specific policies that apply to the resources available at a Host. |
Examples of differential filtering of resources include photos of different resolutions, calendars covering different time periods or levels of detail, and locations at address vs. city level. (Paul has an AI to rewrite this one.) |
P2 |
Terms persistence |
A set of terms for accessing a resource must be accessible as a Web resource with a URL. |
|
P3 |
Host impersonation of Requesters |
A Host must not be able to impersonate Requesters in interacting with an AM. |
This came up on 2009-10-01. |
P4 |
Host correlation of multi-Requester activity |
A Host must not be able to correlate the same Authorizing User's activity at multiple Requester applications. |
Discussed on 2009-10-08; this is wrongly stated and should be rejected. See P9 for a replacement. |
P5 |
User AM choice |
The UMA protocol must not negatively impact a User's prerogative to choose or even self-host the AM that will protect a resource on any Host. |
|
P6 |
Host following authorization instructions |
A Host must allow or deny Requester access to a resource according to a User's desires as conveyed by an AM access decision, or inform the AM of instances where the User wished to grant access but the Host did not or could not. |
|
P7 |
User-defined constraint on access |
A Host must not grant a Requester access to a resource in cases where |
|
P8 |
Access audit log |
A Host must inform the AM protecting a particular resource on that Host in a timely way of all successful Requester access events. |
|
P9 |
Correlation of Authorizing User by multiple Hosts |
For resources at Host X and resources at Host Y, X and Y must not find out, through their relationship with the AM, that the same Authorizing User uses the other Host. |
For example, a user might use the same AM to protect resources at LinkedIn along with their personal interests and hobbies. |
Change History
Version | Date | Comment |
---|---|---|
Current Version (v. 3) | Oct 08, 2009 15:20 |
Former user
: Added the requirements that were pre-approved as part of the charter approval process |
v. 14 | Dec 15, 2015 14:39 | Eve Maler |
v. 13 | Feb 10, 2011 23:06 |
Former user
Migration of unmigrated content due to installation of a new plugin |
v. 12 | Feb 10, 2011 23:06 |
Former user
Migration of unmigrated content due to installation of a new plugin |
v. 11 | Feb 10, 2011 23:06 |
Former user
Migration of unmigrated content due to installation of a new plugin |
v. 10 | Feb 10, 2011 23:06 |
Former user
Migrated to Confluence 4.0 |
v. 9 | Feb 10, 2011 23:06 |
Former user
New emergent design principle #13 on "digital signatures" added. |
v. 8 | Mar 20, 2010 13:57 |
Former user
Add DP12 as discussed on 2010-03-18 |
v. 7 | Dec 16, 2009 21:02 | Former user |
v. 6 | Nov 12, 2009 11:00 | Former user |
v. 5 | Nov 03, 2009 12:39 |
Former user
Added new emerging design principles generated during the first half of UMA F2F 2009-11-02 |
v. 4 | Oct 16, 2009 13:45 |
Former user
General editorial changes, and decisions made 2009-10-15 |
v. 3 | Oct 08, 2009 15:20 |
Former user
Added the requirements that were pre-approved as part of the charter approval process |
v. 2 | Oct 08, 2009 15:11 |
Former user
Added notations to P4, added P9, and added section for Design Principles |
v. 1 | Oct 01, 2009 16:23 | Former user |