This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | FAQ | Protocol Spec | Trust Model Spec | Chat | Join | WG-UMA List | UMA-dev list | → Join ← | List | Archive (Mailman) | Archive (Google) | Calendar
|title||The UMA V1.0 specs are Kantara Initiative Draft Recommendations|
The UMA V1.0 specifications have been approved as Kantara Initiative Draft Recommendations: Core, RSR. (The UMA Core spec is at rev 12 and the OAuth Resource Set Registration spec is at rev 05 in IETF I-D form.) Stay tuned for ongoing standardization and interoperability news!
We are undertaking some important new work on an UMA "relationship manager" extension to fully enable a resource owner dashboard experience, and more. You can check it out by reading our Meetings and Minutes. To understand more about our work on business-legal considerations, including identity relationship management (IRM)-based delegation use cases, see our Legal hub page. If you're interested to contribute to any of this, be sure to click our Join link above! ⬆︎
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
The purpose of the UMA Work Group (charter) is to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs. Read the spec
test your interop
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations,
Follow us on Twitter – our handle is @UMAWG. ( – spread the word) Find us on Facebook too.
follow us on Twitter, get involved!
- February 25: The UMA V1.0 specifications have been approved as Kantara Initiative Draft Recommendations: Core, RSR. (The UMA Core spec is at rev 12 and the OAuth Resource Set Registration spec is at rev 05 in IETF I-D form.) Notable and breaking changes are catalogued on this page. Stay tuned for ongoing standardization and interoperability news!
- January 13: Chair Eve Maler presented on UMA today to the IETF ACE group (Authentication and Authorization for Constrained Environments); here are her slides and here is the recording.
- December 20: Check out the fledgling UMA Implementer's Guide. This will grow quickly, based on our work to whip the specs into "V1.0 candidate" shape. If you have content you'd like to recommend for it, subscribe to the UMA-dev list and suggest away!
- December 16: The UMA WG is hard at work wrapping up new feature requests for UMA V1.0. Recent UMA Work Group decisions have settled on the specifications that constitute our candidate V1.0 suite: UMA Core and OAuth Resource Set Registration. (UMA Claim Profiles has been obsoleted.) Expect to see the call for V1.0 public review soon!
- November 3: Check out the current "State of UMA" in this new slide deck presented at the Kantara workshop at the Identity Relationship Management Summit in Dublin, Ireland.
- October 21: A new slide deck on Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usability to Strong Security is now available on SlideShare.
- October 8: Don't miss the newest entry up on the Case Studies page: How to Give K-12 Students Control of Their Own Data, with a "homework assistance" theme. Want help documenting a case study? See the UMA case study worksheet PowerPoint slide deck, which can help you create a custom set of diagrams to describe your unique circumstances.
- August 20: Looking for a quick-reference way to understand UMA's relationship with the rest of the "Venn of authorization", including OAuth and OpenID Connect? See the Venn "infographic" slides (ppt, pdf).
- May 14: UMA was one of the recipients of a European Identity Conference award today! Find the news on our Facebook page (and "like" us while you're at it).
| || |
| || |
- 6 Sep '21: Congratulations to UMA WG members from Origo on their role in the UK Pensions Dashboard Programme! See this page in the Kantara wiki for more information on using UMA for PDP purposes.
- 10 Jun '21: Congratulations to the new leadership team members! Alec Laws (of Identos) is the Chair and Steve Venema (of ForgeRock) is the Vice-Chair. The WG extends its thanks to former Chair Eve Maler for her previous service as chair. Information about the entire leadership team is here.
- 20 Apr '21: You can get the latest and greatest UMA 101 presentation delivered by UMAnitarians Eve and George at IIW here.
- 3 Dec '20: The UMA Work Group is pleased to accept a new profile contribution (to be provided immently) related to UK Pensions Dashboards as shown on-screen at its meeting today. Read all about it on our updated Third-Party Profiles and Extensions page.
- 15 Oct '20: We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
- 1 Oct '20: WG chair Eve Maler presented UMA, including analyses and comparisons to some other technologies, to the Decentralized Identity Foundation Secure Data Storage WG. Here are her slides.