This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | Intro | → Join ← | List | Archive (Mailman) | Archive (Google) | Calendar
|title||UMA V1.0.1 specifications approved by the Kantara membership|
The UMA V1.0.1 specifications are Kantara Recommendations! The UMA Core V1.0.1 Recommendation and the OAuth Resource Set Registration V1.0.1 Recommendation are now available (check out the Release Notes too). Many thanks to the Work Group, the Kantara staff, and the membership for their support
We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
web user a
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a
unified control point for authorizing who and what can get access to their
on the web spec, like us on FacebookSee the UMA Roadmap for 2016 page to see the use cases and technical issues that the Work Group is currently focusing on
digital data, content, and services, no matter where all those things live
June 23: Today Eve Maler (@xmlgrrl), Maciej Machulak (@mmachulak), and Domenico Catalano (@domcat) were re-elected to their leadership team positions – chair, vice-chair, and user experience editor, respectively. Maciej was also elected to the new position of UMA Developer Resources Work Group liaison. See the Leadership Team page for all details. Thanks to all previously serving leadership team members for their service!March 29: One of UMA's three trust elevation methods, claims gathering, was reported on January 27 to be affected by a session fixation attack. The WG has produced an extension specification to enable mitigation of the attack called UMA Claims-Gathering Extension for Enhanced Security, and a background document to further discuss the attack, the mitigation chosen, and other approaches considered and possible. Many thanks to the original reporters of the issue and the group for its quick action.February 12: The new UMA Roadmap for 2016 page keeps track of the use cases we are prioritizing and currently focusing on.January 25: Enabling user-managed access requires a "BLT sandwich" – not just technical solutions, but well-rounded business and legal solutions as well! A new set of UMA Legal auxiliary material is now available on this wiki, representing the work done by the WG and its ad hoc legal subgroup. Stay tuned for more news and deliverables.January 17: As of December 23, the Kantara All-Member Ballot for the UMA V1.0.1 specifications passed with flying colors. The UMA Core V1.0.1 Recommendation and the OAuth Resource Set Registration V1.0.1 Recommendation are now available (check out the Release Notes too). Many thanks to the Work Group, the Kantara staff, and the membership for their support as we cleaned up various small bugs throughout the spring and summer and returned the specs to the community for review in the fall.
- 10 Jun '21: Congratulations to the new leadership team members! Alec Laws (of Identos) is the Chair and Steve Venema (of ForgeRock) is the Vice-Chair. The WG extends its thanks to former Chair Eve Maler for her previous service as chair. Information about the entire leadership team is here.
- 20 Apr '21: You can get the latest and greatest UMA 101 presentation delivered by UMAnitarians Eve and George at IIW here.
- 3 Dec '20: The UMA Work Group is pleased to accept a new profile contribution (to be provided immently) related to UK Pensions Dashboards as shown on-screen at its meeting today. Read all about it on our updated Third-Party Profiles and Extensions page.
- 15 Oct '20: We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to click our Join link above! ⬆︎
- 1 Oct '20: WG chair Eve Maler presented UMA to the Decentralized Identity Foundation Secure Data Storage WG. Here are her slides.
- 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!