UMA 2.0 brings user consent, control and trust into easier reach for organizations processing personal data
WAKEFIELD, Mass., USA – February 13, 2018 – The Kantara Initiative formally announced today the approval and publication of the User-Managed Access (UMA) Version 2.0 (UMA 2.0) technical specifications. UMA 2.0 offers significant enhancements to the established global standard bringing user consent, control and trust into easier reach for organizations processing personal data.
UMA is an award-winning OAuth-based protocol designed to give individuals a convenient central place for controlling who and what can access their online personal data, no matter where that data resides. This gives control to the individual allowing him or her to share or withdraw access to their information on their own terms instead of having to provide “opt-in” consent immediately. The Kantara Initiative approved UMA Version 1.0 of the standard in 2015 and it is currently deployed in projects worldwide.
“Organizations worldwide have never had more incentives to include individuals in their machinations involving personal data. Three factors are contributing to this: strengthened data protection regulations, notably the General Data Protection Regulation; consumer savviness about poor organizational security and trustworthiness; and important use cases – particularly in healthcare, financial services, and the Internet of Things – for positive data sharing,” said Eve Maler, founder and chair, UMA Work Group, Kantara Initiative and vice president, Innovation & Emerging Technology, ForgeRock. “UMA 2.0 addresses key requirements in this landscape to make it ‘as easy to withdraw consent as to give it’, in a unique way.”
- Review the UMA 2.0 specifications – Grant for OAuth 2.0 and Federated Authorization
- Contribute to UMA’s further design, implementation and deployment
- Read UMA Case Studies
- Join the Kantara Initiative and learn more
About UMA 2.0 – What’s Changed and Improved
UMA 2.0 simplifies the protocol and aligns it more closely with its OAuth design base, making it easier to implement and deploy further improving its security posture. It also enables more dynamic sharing scenarios. Third, it makes personal data-sharing simpler in Internet of Things scenarios by ensuring that data servers do not require constant connectivity with an authorization service.
“At Kantara, we are passionate about giving control of data back to people. UMA 2.0 was developed with an open, transparent and standards-based approach and is another step forward in our mission,” said Colin Wallis, executive director, Kantara Initiative. “Special thanks to the User-Managed Access Work Group and other Kantara members for their technical work on UMA 2.0.”
About Kantara Initiative
Kantara Initiative provides real-world innovation and development of specifications and conformity assessment programs for the digital identity and personal data ecosystems. Beyond its flagship Identity Assurance Trust Framework, developing initiatives including Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and the Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community, including CA Technologies, digi.me, Experian, ForgeRock, Internet Society, Nomura Research Institute, and SecureKey Technologies. More information is available at https://kantarainitiative.org/.
Follow Kantara Initiative on Twitter — @KantaraNews
# # #