This Work Group operates under the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version). You can find any opt-outs on this page.
Home | Intro | Join | List | Archive (Mailman) | Archive (Google) | Calendar
|title||Debuting new UMA V2.0 draft specs based on WG last call comments and discussions!|
The Work Group has published a new set of drafts as of 27 April 2017 fully reflecting comments and discussion during the recent review period. If you're familiar with our "traditional" two-spec breakdown, try this new restructuring on for size: Introducing the UMA 2.0 Grant for OAuth 2.0 Authorization, nicknamed Grant (rev 02), and Federated Authorization for UMA 2.0, nicknamed FedAuthz (rev 02).
Here is a detailed swimlane diagram that dynamically tracks the drafts, and a high-level swimlane diagram that briefly summarizes the UMA2 flow. Expect release notes soon. The UMA Implementer's Guide is also growing. We are very keen to get your implementation feedback ASAP. The group plans to vote on starting the Public Comment period on May 12. If you're interested to contribute to the review, testing, and finalization of the Kantara Recommendation versions of these specifications over the coming few weeks, it's not too late! Fill out the Group Participation Agreement form to get going.Click the image above to view the UMA Movie, which premiered at the 23rd Internet Identity Workshop in October 2016. (Don't miss the "UMA 101" session at the 24th IIW May 2-4 in Mountain View!)
|UMA2 has an active business-legal framework workstream|
The premise of the Work Group's report A Proposed Licensing Model for User-Managed Access is that UMA enables the individual to centrally manage access and use rights with respect to personal digital assets by converting permission tokens into machine-readable licenses. The group is working on a companion document that outlines a larger business-legal framework for achieving a wide variety of rights delegation use cases involving UMA technology.
Here are the UMA Grant (PDF, HTML for deep linking) and UMA Federated Authorization Recommendations (PDF, HTML for deep linking). Don't miss the UMA2 masterclass delivered by two UMAnitarians at the Identiverse conference in Boston in June 2018 (slides and video). (The slides and video from the previous year's Authorization: Age of UMA session set in the Marvel Cinematic Universe was also a big hit!) The Release Notes review all final UMA1-to-UMA2 changes. See also the UMA Implementer's Guide, our list of known Implementations, and discussions of Case Studies. Finally, see the detailed UMA Grant sequence diagram and FedAuthz sequence diagram.
See the page to see
User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those things live. Read the specs, join the group, check out the implementations, follow us on Twitter, like us on Facebook, get involved!
has UMA V2.0 effort
guided the use cases and technical issues that the Work Group
April 27: The Work Group has published a new set of drafts as of 27 April 2017 fully reflecting comments and discussion during the recent review period. If you're familiar with our "traditional" two-spec breakdown, try this new restructuring on for size: Introducing the UMA 2.0 Grant for OAuth 2.0 Authorization, nicknamed Grant (rev 02), and Federated Authorization for UMA 2.0, nicknamed FedAuthz (rev 02).March 3: The UMA Legal subgroup is meeting again to look at important new deliverables. If you've got a legal specialty, or want to contribute to the connection between consent/permission/authorization/delegation and the regulatory data protection world, you're just the kind of person we're looking for.November 4: The UMA Legal subgroup has a new sharpened-up charter today! Check out the Legal page for links to interim deliverables. Particularly if you're a "legal eagle", are familiar with GDPR, or have business use cases involving delegation or proxies/guardians, we'd love for you to join us and help out. (See the Join link on this page.)
- 22 Nov '19: There's a new implementation up on the Implementations page: PatientShare from Lush Group. It's also an implementation of the HEART profiles. Read all about it and check it out!
- 3 Oct '19: Chair Eve Maler and vice-chair Maciej Machulak have been re-elected to their positions for an annual term. See the Leadership Team page for a full list.
- 1 Oct '19: Did you know that the UMA Work Group has an active business-legal framework workstream in addition to a technical workstream? You can check out our latest notes here, and contribute by joining the group!
- 30 Apr '19: Chair Eve Maler presented an UMA 101 session at IIW 28 in Mountain View.
- 23 Apr '19: UMA was a big part of a two-hour HEART (Health Relationship Trust) webinar and workshop; you can view the YouTube recording here.
- 25 Mar '19: The contributed UMA2 specs were presented at the IETF 104 meeting, at the Monday OAuth WG session. You can see the presented slides and the video of the whole session.
- 22 Feb '19: Don't miss the latest updates to our Implementations page, which include a new implementation from IDENTOS.