Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section
Column
width70%

This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.

Home | Intro | → Join ← | List | Archive (Mailman) | Archive (Google) | Calendar


Image Removed

The UMA V2.0 specifications are at "WG last call"! Our 2016 roadmap work has borne fruit, and the Work Group approved a key set of drafts as of 9 March 2017: UMA Core V2.0 revision 20 and OAuth 2.0 Resource Registration revision 07. Here is a detailed swimlane diagram that dynamically tracks the drafts, and a high-level swimlane diagram that briefly summarizes the UMA2 flow. If
Panel
borderColor#99cc00
bgColor#ffffff
borderWidth4pt
titleThe UMA V2.0 specifications are WG Last Call!
UMA extension efforts

Image Added

We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute, be sure to the review, testing, and finalization of the Kantara Recommendation versions of these specifications over the coming few weeks and months, we welcome you! Fill out the Group Participation Agreement form to get going. The WG last call period will end on April 11. Click the image above to view the UMA Movie, which premiered at the 23rd Internet Identity Workshop in October 2016click our Join link above! ⬆︎

Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.

Panel
borderColor#7f7f7f
borderWidth0
Image Removed

Image Added

User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations, follow us on Twitter, like us on Facebook, get involved!

See the UMA Roadmap for 2016 page to see the use cases and technical issues that the Work Group is currently focusing on

The group is currently working on extensions to UMA V2.0.

The short link for this page is http://tinyurl.com/umawg.

 


News:

March 13: The UMA V2.0 specifications are at "WG last call"! Our 2016 roadmap work has borne fruit, and the Work Group approved a key set of drafts as of 9 March 2017: UMA Core V2.0 revision 20 and OAuth 2.0 Resource Registration revision 07. Here is a detailed swimlane diagram that dynamically tracks the drafts, and a high-level swimlane diagram that briefly summarizes the UMA2 flow. If
  • 20 Oct '20: You can get UMAnitarian George Fletcher's UMA 101 presentation from IIW right here.
  • 15 Oct '20: We are undertaking some important new work on an UMA "policy manager" extension, and more. You can check it out by reading our Meetings and Minutes, and if you're interested to contribute
to the review, testing, and finalization of the Kantara Recommendation versions of these specifications over the coming few weeks and months, we welcome you! Fill out the Group Participation Agreement form to get going. The WG last call period will end on April 11.
  • March 3: The UMA Legal subgroup is meeting again to look at important new deliverables. If you've got a legal specialty, or want to contribute to the connection between consent/permission/authorization/delegation and the regulatory data protection world, you're just the kind of person we're looking for.
  • November 4: The UMA Legal subgroup has a new sharpened-up charter today! Check out the Legal page for links to interim deliverables. Particularly if you're a "legal eagle", are familiar with GDPR, or have business use cases involving delegation or proxies/guardians, we'd love for you to join us and help out. (See the Join link on this page.)
  • March 29: One of UMA's three trust elevation methods, claims gathering, was reported on January 27 to be affected by a session fixation attack. The WG has produced an extension specification to enable mitigation of the attack called UMA Claims-Gathering Extension for Enhanced Security, and a background document to further discuss the attack, the mitigation chosen, and other approaches considered and possible. Many thanks to the original reporters of the issue and the group for its quick action.
    • , be sure to click our Join link above! ⬆︎
    • 1 Oct '20: WG chair Eve Maler presented UMA to the Decentralized Identity Foundation Secure Data Storage WG. Here are her slides
    • 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!
    Column
    Column
    width5%
     

    Widget Connector
    url
    Column
    width25%
    Leadership
    • Chair: Eve Maler
    • Vice-Chair: Maciej MachulakAlec Laws
    • Full leadership team list
    • Read about Kantara leadership roles
    Teleconference Info
    Section
    twitter
    settings/widgets/419665047808274433

     

    Column
    width5%