Kantara Initiative Announces the Release of New User-Managed Access (UMA) Recommendations for Privacy, Consent, and Security

February 9, 2016 – Piscataway, NJ –  The Kantara Initiative is pleased to announce that its membership has approved the latest technical specifications submitted by its User-Managed Access (UMA) Work Group as Kantara Recommendations. The two Version 1.0 UMA-related specifications became Recommendations in March 2015; the matching set of Version 1.0.1 revisions became Recommendations in December 2015.

UMA is an OAuth-based protocol designed to give an individual a unified control point for authorizing who and what can get access to their digital data, content, and services, no matter where all those resources live. Use cases for UMA include the protection of personal data coming from cloud, mobile, and Internet of Things sources, along with enterprise API authorization and access control. The two approved specifications include an “UMA Core” specification and an “OAuth Resource Set Registration” specification; the latter has broader applicability to other protocols. In May 2014, UMA won a Best Innovation in Information Security award from analyst firm KuppingerCole at its European Identity & Cloud Conference.

In only six months of design work, the Work Group closed 72 reported issues, of which 38 were substantive clarifications or corrections. The remaining issues were editorial items to help make the specifications easier to understand and to rectify other minor issues.

Eve Maler, founder and chair of the UMA Work Group and VP Innovation & Emerging Technology at ForgeRock, commented, “The number of UMA implementations just keeps growing – further evidence of the need for a standard, agile approach to user consent and privacy, these real-world experiences are informing the protocol’s design in double time. Our Work Group is ready to take on the challenges of a digital landscape that needs a serious user delegation and consent standard.”

Colin Wallis, Kantara Executive Director, commented “As the industry learns that the challenges of federated authorization and delegation are as big as the challenge that authentication once was, UMA will quickly become the defacto specification of choice – and fast movers are already there”.

The UMA Work Group will now continue to maintain and enhance the specifications, as well as to develop solutions that reduce inhibitors to adoption in a business context, including legal “model clauses” that can be included in trust framework agreements.

 

The Kantara Initiative invites parties interested to contribute to UMA’s further design, implementation, and deployment to become Work Group participants by visiting http://tinyurl.com/umawg, and invites parties interested to contribute to the Initiative’s goals of strategic vision and real-world innovation for digital identity innovation to become members by visiting http://kantarainitiative.org/members/.

 

About Kantara Initiative

Kantara Initiative is a membership organization that provides strategic vision and real-world innovation for digital identity transformation. Ongoing initiatives in the Kantara community include: Identity Relationship ManagementUser Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and Minimum Viable Consent Receipt.