This Work Group operates under the Kantara IPR Policy - Option LibertyPatent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | Intro | Join This Group | Subscribe to the Mailing List | Archive (Mailman) | Archive | Google Archive
The purpose of the UMA Work Group (charter) is to develop specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs.
We welcome your participation! Follow the links to join this group (read-write mailing list privileges) or subscribe to the mailing list (read-only).
Check out our working drafts (Protocol spec, Requirements, Scenarios and Use Cases), explanatory materials, background information, and comparative technology matrix. Following are the key entities we concern ourselves with, using names agreed on by the group:
(Google) | Calendar
|title||UMA2 has an active business-legal framework workstream|
The premise of the Work Group's report A Proposed Licensing Model for User-Managed Access is that UMA enables the individual to centrally manage access and use rights with respect to personal digital assets by converting permission tokens into machine-readable licenses. The group is working on a companion document that outlines a larger business-legal framework for achieving a wide variety of rights delegation use cases involving UMA technology.
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations, follow us on Twitter, like us on Facebook, get involved!
The UMA Roadmap for 2016 guided the use cases and technical issues that the Work Group focused on in its UMA2 effort. You can find other drivers in the Work Group's original compendium of Scenarios and Use Cases, its Case Studies page, and its User Stories page.
The short link for this page is http://tinyurl.com/umawg.
- 16 Jul '20: Make sure to register for the new Kantara UMA webinar taking place on July 21st at 1pm ET – it will be all about health info interop and user control, and will include a demonstration.
- 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!