This document contains non-normative release notes produced by the User-Managed Access Work Group for various versions of the UMA specifications.
This document is currently under active development.
The User-Managed Access Work Group operates under Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version) and the publication of this document is governed by the policies outlined in this option.
This document contains non-normative release notes produced by the User-Managed Access Work Group for various versions of the UMA specifications.
The Work Group has decided to use Semantic Versioning for its specification version numbers. In short:
Given a version number MAJOR.MINOR.PATCH, increment the:
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
The UMA V1.0 specifications (Core, RSR) were approved in March 2015. The UMA V1.0.1 specifications (Core, RSR) are currently in draft form; the Work Group's goal is to see their completion by the end of calendar 2015. The following release notes are therefore also in draft form. They are catalogued by their impact on software entities, with references to the GitHub issues that drove this release. Where possible, specific section numbers will be referenced; follow the issue number links to find related commit links and see the exact specification wording that changed.
The following themes animated the V1.0.1 release process:
Following are specification changes in V1.0.1 that affect authorization servers, and possibly clients that interact with them as well (denoted with (+Client)).
Previously, the client was instructed to present the ordinary OAuth redirect_uri endpoint to which the AS should redirect requesting parties back after claims gathering, but this was ambiguously specified and incorrect. Now the client has a unique endpoint, claims_redirect_uri
, that it needs to register. (144)
Following are specification changes in V1.0.1 that affect resource servers, and possibly clients that interact with them as well (denoted with (+Client)).