Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.

Home | FAQ | Protocol Spec | Trust Model Spec | Chat | Intro | Join | List | Archive (Mailman) | Archive (Google) | Calendar

titleImplementations, interop, and case studiesUMA V1.0.1 specifications approved by the Kantara membership

A key focus in 2012-Q1 will be supporting and facilitating interoperable implementation and deployment. Keep an eye on the Implementations page, the Case Studies page, and the UMA area of the OSIS wiki to help get your own implementation work started Image Added

The UMA V1.0.1 specifications are Kantara Recommendations! The UMA Core V1.0.1 Recommendation and the OAuth Resource Set Registration V1.0.1 Recommendation are now available (check out the Release Notes too). Many thanks to the Work Group, the Kantara staff, and the membership for their support.


The purpose of the UMA Work Group (charter) is to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data, content, and services, no matter where all those things live on the web. Read the spec, join the group, check out the implementations, test your interop, follow us on Twitter, like us on Facebook, get involved!Follow us on Twitter – our handle is @UMAWG and we often use the hashtag #UMAWG. (Short

See the UMA Roadmap for 2016 page to see the use cases and technical issues that the Work Group is currently focusing on.

The short link for this page is – spread the word.) Find us on Facebook too.



January 6: Dazza Greenwood's presentation on terms of authorization has been uploaded.
  • December 27: New spec drafts fully position UMA as simply a profile of OAuth. We've aligned UMA terminology with OAuth as well.
  • December 6: The Implementations page has gotten a makeover. Check out the refreshed listing, including a new UMA open-source project at OxAuth. Also see the new case study on subscribing to a friend's personal cloud.
  • October 19: Eve presented on UMA to the XACML TC. Check out the slides.
  • October 19: Check out this YouTube video of our Google Tech Talk from Feb 2012, demoing selective Alice-to-Bob sharing through Bob's OpenID Connect claims. Thanks to Maciej for getting this published!
    • April 12: Help fund a professionally produced UMA video at IIW 22 through this Tilt campaign! The campaign is already nearly two-thirds funded after a few days' worth of Twitter and word-of-mouth advertising. Thanks to Mike Schwartz for starting the campaign!
    • March 29: One of UMA's three trust elevation methods, claims gathering, was reported on January 27 to be affected by a session fixation attack. The WG has produced an extension specification to enable mitigation of the attack called UMA Claims-Gathering Extension for Enhanced Security, and a background document to further discuss the attack, the mitigation chosen, and other approaches considered and possible. Many thanks to the original reporters of the issue and the group for its quick action.
    • February 12: The new UMA Roadmap for 2016 page keeps track of the use cases we are prioritizing and currently focusing on.
    • January 25: Enabling user-managed access requires a "BLT sandwich" – not just technical solutions, but well-rounded business and legal solutions as well! A new set of UMA Legal auxiliary material is now available on this wiki, representing the work done by the WG and its ad hoc legal subgroup. Stay tuned for more news and deliverables.
    • January 17: As of December 23, the Kantara All-Member Ballot for the UMA V1.0.1 specifications passed with flying colors. The UMA Core V1.0.1 Recommendation and the OAuth Resource Set Registration V1.0.1 Recommendation are now available (check out the Release Notes too). Many thanks to the Work Group, the Kantara staff, and the membership for their support as we cleaned up various small bugs throughout the spring and summer and returned the specs to the community for review in the fall.
    • December 22: Apologies: We just discovered that this page was linking to V1.1 of the PDF version of the operative IPR policy for the WG, vs. V1.2. The only differences between the two policy versions are the date and title. (The HTML link was correct.) If you have an old version of the IPR policy in your files, note the the correct version should have the date "December 2009" and the title "Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND)" on it.
    • December 13: An exciting new case study has been made available on our site: Users Managing Delegated Access to Online Government Services. Here you can download the final report resulting from a POC performed by the Government of New Zealand.
    • Chair: Eve Maler
    • Vice-Chair: Maciej Machulak
    • Full leadership team list
    • Read about Kantara leadership roles
    Teleconference Info


    Widget Connector