July 29th, 2015 Piscataway, NJ: Today Kantara Initiative announced the formation of the User-Managed Access Developer Resources Work Group (UMA Dev WG). Leaders from industry and government have come together to call on all interested parties to join the UMA Dev WG to advance global adoption of UMA. Interested parties can learn more here: https://kantarainitiative.org/confluence/x/n4VtB
“Kantara Initiative has been a stalwart supporter of our efforts to build the UMA standard,” said Eve Maler, ForgeRock vice president of innovation, UMA Work Group founder and chair, and convener of the new UMA Dev Work Group. “We’re taking the next exciting step, building free and open-source software with like-minded vendors, end-user organizations, and individual experts so we can foster truly open application ecosystems that give individuals greater control of their data.”
The purpose of the UMA Dev WG is to design and develop free and open-source software (FOSS) in several popular programming languages. FOSS empowers developers to incorporate UMA protection and authorization API enablement into applications, services, and devices, thus promoting privacy enhancement and broader adoption of UMA ecosystems. The UMA WG’s requirements and design principles encourage simplicity of specific kinds, and on the part of specific system entities, to foster ecosystem growth. The purpose of UMA Dev WG is to support those aims.
- Design principle 1 states UMA will be simple: “Simple to understand, implement in an interoperable fashion, and deploy on an Internet-wide scale.”
- Design principle 4 states UMA will be RESTful: “Resource-oriented (for example, as suggested by the REST architectural style) and operating natively on the Web to the extent possible.”
- Design principle 10 describes constraints on Complexity: “Complexity should be borne by the [authorization server] endpoint vs. the [resource server] or [client], if possible.”
Customers, citizens, employees, and partners all demand dynamic access controls in their online experiences. Developed via an open and transparent standards-based approach, UMA’s flexibility for users and enterprise authorization make it a key enabler for driving privacy and identity and access management. UMA can be applied to a growing number of use cases, including but not limited to authorization-as-a-service for the Internet of Things (IoT), social network sharing, the healthcare industry, business services, universities and governments.
“UMA represents an innovative approach to delegated access management furthering citizens’ digital relationship with service providers. The open source code libraries and tools to be progressed in UMA Dev will greatly assist developers in building functionally rich UMA deployments”, said Colin Wallis, Kantara’s eGov WG Vice Chair.
“UMA is increasingly becoming the de facto standard for access controlling under the context of IoT, which is a critical component in connected business. Building a comprehensive set of developer tools is equally important to build a healthy developer community around it for the wide adoption. We strongly believe UMA Dev WG is going to be one key effort to address that concern”, said Prabath Siriwardena, WSO2 Director of Security Architecture.
“UMA addresses critical components of Authorization management by providing users with transparency, choice and control over how they share personal resources and information,” said Joni Brennan, Kantara Initiative Executive Director. “Access Control standardization becomes even more critical as our world is more connected than ever through IoT innovations. UMA is scaled to address the challenges of today and the innovations of tomorrow.”
Kantara Initiative connects leaders from industry and governments to provide strategic vision and real-world innovation for the digital identity transformation. Via initiatives such as Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and Minimum Viable Consent Receipt, Kantara Initiative connects a global, open and transparent leadership community. Luminaries from organizations including CA Technologies, Experian, ForgeRock, IEEE-SA, Internet Society, Nomura Research Institute, Radiant Logic, and SecureKey provide strategic insights to drive progress in the transformational elements needed to leverage innovative and safe Identity Management for IoT, access control, context and consent. https://kantarainitiative.org