Our 2023 #DEIA survey is now open! Click here to participate!
Congratulations to the UMA Work Group on this milestone!
The User-Managed Access (UMA) Version 1.0 specifications have been finalized as Kantara Initiative Recommendations, the highest level of technical standardization Kantara Initiative can award. UMA has been developed over the last several years by industry leaders in our UMA Work Group.
- Check out the UMA WG
- Review the Approved Recommendation
- Become a Kantara Member to develop and sponsor UMA
- Considering implementing UMA? We’d love to know! Contact via Twitter @umawg
The main spec is officially known as User-Managed Access (UMA) Profile of OAuth 2.0 but is colloquially known as UMA Core. UMA Core defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policies.
UMA Core calls several other specs by reference, but only one referenced spec is currently a product of the UMA WG. Officially known as OAuth 2.0 Resource Set Registration but colloquially known as RSR, this spec defines a resource set registration mechanism between an OAuth 2.0 authorization server and resource server. The resource server registers information about the semantics and discovery properties of its resources with the authorization server. The RSR mechanism is useful not just for UMA, but also potentially for OpenID Connect and plain OAuth use cases as well.