Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.

Home | FAQ | Protocol Spec | Trust Model Spec | Chat Intro | Join | WG-UMA List | Archive (Mailman) | Archive (Google) | Calendar

Image Removed 

Thanks to vice-chair Maciej Machulak for the image above – it's a good reminder that "UMAnizing" websites and web apps can help add security and privacy features. The UMA V1.0 specifications have been approved as Kantara Initiative Recommendations – UMA Core V1.0 specification (Kantara Recommendation, IETF I-D rev 13) and OAuth Resource Set Registration V1.0 specification (Kantara Recommendation, IETF I-D rev 06). Check out our User Experience page to explore different user experience paradigms
titleUsing UMA to privacy-enable websites
UMA2 has an active business-legal framework workstream

Image Added

The premise of the Work Group's report A Proposed Licensing Model for User-Managed Access is that UMA enables the individual to centrally manage access and use rights with respect to personal digital assets by converting permission tokens into machine-readable licenses. The group is working on a companion document that outlines a larger business-legal framework for achieving a wide variety of rights delegation use cases involving UMA technology.

Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.

Image Removed

Image Added

User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give

a web user

an individual a unified control point for authorizing who and what can get access to their

online personal

digital data, content, and services, no matter where all those things live

on the web

. Read the


specs, join the group, check out the implementations, follow us on Twitter, like us on Facebook, get involved!

The UMA Roadmap for 2016 guided the use cases and technical issues that the Work Group focused on in its UMA2 effort. You can find other drivers in the Work Group's original compendium of Scenarios and Use Cases, its Case Studies page, and its User Stories page.

The short link for this page is

 January 13: Chair Eve Maler presented on UMA to the IETF ACE group (Authentication and Authorization for Constrained Environments); here are her slides and here is the recording.


  • July 6: There's a new talk available on UMA from late May that may be of interest: Digital Consent: Taking UMA from Concept to Reality.
  • June 8: Our charter revision from 2013 was belatedly posted to the official charter page.
  • May 28: Leadership team elections were held, and Eve Maler, Maciej Machulak, Thomas Hardjono, and Domenico Catalano were re-elected to their leadership positions.
  • May 21: The recording from May 16's UMA V1.0 webinar is now available on YouTube (slides, video)!
  • April 4: The UMA V1.0 specifications have been approved as Kantara Initiative Recommendations! Thanks to Kantara and to all UMAnitarians for your efforts to this point! The final UMA Core V1.0 specification (Kantara Recommendation, IETF I-D rev 13) and OAuth Resource Set Registration V1.0 specification (Kantara Recommendation, IETF I-D rev 06) are available. Check out the growing UMA Implementer's Guide. Work continues on the UMA Binding Obligations specification.
    • 16 Jul '20: Make sure to register for the new Kantara UMA webinar taking place on July 21st at 1pm ET – it will be all about health info interop and user control, and will include a demonstration.
    • 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!

    Widget Connector
    • Chair: Eve Maler
    • Vice-Chair: Maciej Machulak
    • Full leadership team list
    • Read about Kantara leadership roles
    Teleconference Info