Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 53 Next »

This page gathers information about implementation efforts and interest, along with interoperability testing plans. Maciej Machulak is the UMA group's implementation coordinator. Key existing implementations that we know about are noted below, in alphabetical order of the project or organization.


OCT '17 The company ForgeRock (also at @ForgeRock) has an Identity Platform that includes an implementation of UMA 2.0, with both an "UMA Provider" (authorization server component) and an "UMA Protector" (resource server component), targeted at individual consent and data sharing use cases. The case studies Users Managing Delegated Access to Online Government Services and and Aggregating and Sharing Pension Information were based on POCs performed with earlier versions of the ForgeRock Identity Platform.


The company Gluu (also at @GluuFederation) hosts the OXAuth open-source project, to which it has contributed an UMA component. The main use case for this implementation is enterprise usage; see the Enterprise UMA case study, the March 2014 "UMA for the Enterprise" webinar slides and recording, Gluu's UMA page, and its YouTube channel for more info.

Gluu has also implemented a crowdfunded Apache server plugin that enables web apps in an Apache container to be UMA-protected.

Gluu has also proposed an "OX UMA claim profile"; for more information, see the Third-Party Profiles page.

HIE of One

OCT '17 The HIE of One open-source project is run by Michael Chen, MD and Adrian Gropper, MD. It implements an UMA V1.0.1 authorization server, and supports dynamic client registration for resource servers and clients. HIE of One serves as an OpenID Connect relay to other OIDC services, such as Google and Twitter. This authorization server is meant to be deployed as a single instance per patient (user). It is licensed through GNU AGPLv3. Support information is available at the distro link.

HIE of One acts as a Health Information Exchange service but under control by the patient themselves. It is coupled in the same root domain URL with a resource server that acts as a patient-centered health record (NOSH ChartingSystem), although they are two separate projects. HIE of One allows the patient to control user-managed access to her resources served by NOSH ChartingSystem using a specific RESTful API (FHIR) for health-related information. This allows other third-party applications to take advantage of the patient's health-related information in a secure and privileged manner, governed by the user and not by another third party.

HIE of One is not in production at this time; fully working code is in GitHub and is used for current demonstration of how HIE of One is coupled with NOSH ChartingSystem for the above functionality.

This implementation leverages third-party OAuth and OpenID Connect implementations Google OAuth2, Twitter OAuth2, and mdNOSH (this is for demo purposes for physician single-sign-on, not federated).

Jericho Systems

In 2015 the company Jericho Systems announced a product, Consentral on FHIR, with UMA support; it also performed a Privacy on FHIR demonstration with UMA support.

MITREid Connect

The open-source MITREid Connect project has UMA1 support. An experimental branch called MPD (for "multi-party delegation") has been used as a sandbox for UMA2 features, but has not yet been updated to full UMA2 support.


JAN '18 Pauldron is an open-source (MIT license) UMA authorization server, with several extensions catering to use cases that have come out of healthcare-related work in the HL7 environment, available on GitHub.

RedHat KeyCloak

RedHat's KeyCloak authorization services offering includes partial UMA1 support, and according to a Work Group participant, the project is working on including full UMA2 support as of June 2017.

SMART project (non-healthcare-related)

This older Java implementation includes an UMA/j framework and sample applications. See the SMART blog. The OAuth portion, originally named leeloo, was contributed to Apache Amber (now Apache Oltu, which is going to include OpenID Connect and good JWT support too). Part the SMART project involves development of set of open-source Python libraries, called Puma, for UMA-enabling web apps to become UMA resource servers and clients. Note that this SMART project is distinct from the SMART health IT initiative.


The company Cloud Identity Limited (since acquired by Synergetics) developed an UMA Authorization Server - NuveAM (Online Demo). NuveAM implements the UMA protocol and supports other open standards including OAuth 2.0, OpenID Connect, and SAML 2.0The company also developed Java and Python SDKs. More information is on the company's website and the company's YouTube channelThe company integrated UMA with its NuveLogin service to simplify the flow for Resource Server and Client applications.


The Telia telecom company has an identity solution that provides UMA support.

Universidad de Alcalá Telematic Services Engineering Group

This Python implementation, part of the European Union-funded project SITAC, focuses on IoT use cases. See a video here.

  • No labels