This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | FAQ | Protocol Spec | Trust Model Spec | Chat | Join | WG-UMA List | UMA-dev list → Join ← | List | Archive (Mailman) | Archive (Google) | Calendar
|title||The 45-day public review of the UMA V1.0 candidate specs has concluded|
The UMA V1.0 candidate specs are now about to be considered for Kantara Initiative Draft Recommendation status. The UMA Core spec is at rev 12 and the OAuth Resource Set Registration spec is at rev 05. Stay tuned for ongoing standardization and interoperability news!
We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
The purpose of the UMA Work Group (charter) is to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs. Read the spec
test your interop
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations,
Follow us on Twitter – our handle is @UMAWG. ( – spread the word) Find us on Facebook too.
follow us on Twitter, get involved!
- February 23: The UMA V1.0 candidate specs are now about to be considered for Kantara Initiative Draft Recommendation status. The UMA Core spec is at rev 12 and the OAuth Resource Set Registration spec is at rev 05. Stay tuned for ongoing standardization and interoperability news!
- January 13: Chair Eve Maler presented on UMA today to the IETF ACE group (Authentication and Authorization for Constrained Environments); here are her slides and here is the recording.
- December 20: Check out the fledgling UMA Implementer's Guide. This will grow quickly, based on our work to whip the specs into "V1.0 candidate" shape. If you have content you'd like to recommend for it, subscribe to the UMA-dev list and suggest away!
- December 16: The UMA WG is hard at work wrapping up new feature requests for UMA V1.0. Recent UMA Work Group decisions have settled on the specifications that constitute our candidate V1.0 suite: UMA Core and OAuth Resource Set Registration. (UMA Claim Profiles has been obsoleted.) Expect to see the call for V1.0 public review soon!
- November 3: Check out the current "State of UMA" in this new slide deck presented at the Kantara workshop at the Identity Relationship Management Summit in Dublin, Ireland.
- October 21: A new slide deck on Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usability to Strong Security is now available on SlideShare.
- October 8: Don't miss the newest entry up on the Case Studies page: How to Give K-12 Students Control of Their Own Data, with a "homework assistance" theme. Want help documenting a case study? See the UMA case study worksheet PowerPoint slide deck, which can help you create a custom set of diagrams to describe your unique circumstances.
- August 20: Looking for a quick-reference way to understand UMA's relationship with the rest of the "Venn of authorization", including OAuth and OpenID Connect? See the Venn "infographic" slides (ppt, pdf).
- May 14: UMA was one of the recipients of a European Identity Conference award today! Find the news on our Facebook page (and "like" us while you're at it).
- 10 Jun '21: Congratulations to the new leadership team members! Alec Laws (of Identos) is the Chair and Steve Venema (of ForgeRock) is the Vice-Chair. The WG extends its thanks to former Chair Eve Maler for her previous service as chair. Information about the entire leadership team is here.
- 20 Apr '21: You can get the latest and greatest UMA 101 presentation delivered by UMAnitarians Eve and George at IIW here.
- 3 Dec '20: The UMA Work Group is pleased to accept a new profile contribution (to be provided immently) related to UK Pensions Dashboards as shown on-screen at its meeting today. Read all about it on our updated Third-Party Profiles and Extensions page.
- 15 Oct '20: We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
- 1 Oct '20: WG chair Eve Maler presented UMA to the Decentralized Identity Foundation Secure Data Storage WG. Here are her slides.
- 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!