This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | FAQ | Protocol Spec | Trust Model Spec | Chat | Join → Join ← | List | Archive (Mailman) | Archive (Google) | Calendar
|We're excited to announce that a number of implementors will test their UMA interoperability at the MIT Kerberos and Internet Trust (MIT-KIT) Consortium interop event on October 31 and November 1, 2013, in Cambridge, MA, USA. Thanks to MIT-KIT for hosting this event! If you're interested to take part, please visit our Interop Testing wiki page, and send a note to the UMA WG chair or edit the page to register. (You can participate virtually as well as in person.)|
|title||OAuth, OpenID Connect, UMA are part of MIT-KIT interop|
We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
The purpose of the UMA Work Group (charter) is to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs. Read the spec
test your interop
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations,
Follow us on Twitter – our handle is @UMAWG and we often use the hashtag #UMAWG. (Short – spread the word.) Find us on Facebook too
follow us on Twitter, get involved!
- September 9: Updated "UMA 101" slides are now available! These slides map out how potential UMA-enabled data sharing ecosystems might unfold, giving extra detail to the applicable scenarios and use cases.
- August 24: The Crowdtilt campaign to raise money for UMA and OpenID Connect plugins is reopening Monday August 26 through Wednesday August 28, and due to commitments obtained in the interim, it's guaranteed to tilt! Don't miss your chance to donate and help make history for cloud security. Read all about the campaign's progress here.
- August 24: The Interop Testing wiki section is getting fleshed out. Check out the feature tests and register now to participate!
- August 19: We're excited to announce that a number of implementors will test their UMA interoperability at the MIT Kerberos and Internet Trust (MIT-KIT) Consortium interop event on October 31 and November 1, 2013, in Cambridge, MA, USA. Thanks to MIT-KIT for hosting this event! If you're interested to take part, please visit our Interop Testing wiki page, and send a note to the UMA WG chair or edit the page to register. (You can participate virtually as well as in person.)
- August 1: The Work Group just approved the current drafts of the core UMA spec, the Resource Set Registration spec, and the Binding Obligations spec as Kantara Initiative Draft Recommendations. (Links are to pretty-printed versions of the IETF individual Internet-Drafts that were approved.)
- June 30: Find a list of known third-party profiles related to UMA on the new Third-Party Profiles wiki page! If you know of other written profiles, please give us a heads-up.
- May 4: New case study: Access Management 2.0 for the Enterprise. UMA's not just for human beings! It can help organizations do API-friendly, developer-friendly, mobile-friendly access management too.
- 10 Jun '21: Congratulations to the new leadership team members! Alec Laws (of Identos) is the Chair and Steve Venema (of ForgeRock) is the Vice-Chair. The WG extends its thanks to former Chair Eve Maler for her previous service as chair. Information about the entire leadership team is here.
- 20 Apr '21: You can get the latest and greatest UMA 101 presentation delivered by UMAnitarians Eve and George at IIW here.
- 3 Dec '20: The UMA Work Group is pleased to accept a new profile contribution (to be provided immently) related to UK Pensions Dashboards as shown on-screen at its meeting today. Read all about it on our updated Third-Party Profiles and Extensions page.
- 15 Oct '20: We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
- 1 Oct '20: WG chair Eve Maler presented UMA to the Decentralized Identity Foundation Secure Data Storage WG. Here are her slides.
- 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!