User-managed access

from Wikipedia, the free encyclopedia

User-Managed Access (UMA) is an OAuth-based protocol for the administration of access rights (an "access management protocol"). The protocol is currently (end of 2013) defined in a draft for version 1.0. This specification defines the legally binding obligations of the parties participating in UMA-compliant interactions. The development of UMA as a web standard takes place in the Kantara Initiative.

UMA is based on several hypotheses. One of them is that consent is not very convenient and gives the user only weak control over the disclosure of confidential information. Another is that managing the agreed data access from a client application to a server does not "scale" well (i.e. becomes disproportionately slower) when many applications are used. A third is that autonomy and individual privacy require control and transparency in order to keep track of data shared with a large number of parties, not only with applications the user uses themselves.

Accordingly, the design of UMA focuses on how a web user uses a web application called the Authorization Server (AS). The AS is used to protect the user's shared web resources (i.e. ultimately data and information). These web resources can reside on any number of servers, referred to in UMA as Resource Servers (RS). Both applications that the user has authorized themselves and other persons or organizations can access the protected resources through requesting client applications, as long as these comply with the user's corresponding rules at the AS (i.e. access is permitted). These rules are referred to as the "policy".
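As an added illustration (not code from the article or from any UMA implementation), the following Python model shows the separation of roles described above: the resource owner's policy lives only at the AS, the RS holds the data but defers the access decision, and a requesting client gets access only for the resource and scope the policy allows. The HMAC-signed grant format and the key shared between AS and RS are simplifications assumed here, not UMA's actual token format.

```python
import hashlib, hmac, json, time

# Constructed demo secret shared by AS and RS so the RS can verify grants
# offline; an assumption of this model, not something UMA prescribes.
AS_RS_SECRET = b"constructed-demo-secret"

class AuthorizationServer:
    """Stores the resource owner's policies and decides client requests."""
    def __init__(self):
        self.policies = {}  # (rs, resource) -> {client_id: set(scopes)}

    def set_policy(self, rs, resource, client_id, scopes):
        self.policies.setdefault((rs, resource), {})[client_id] = set(scopes)

    def authorize(self, rs, resource, client_id, scope, ttl=300):
        # Only the owner's policy at the AS decides; the RS is never consulted.
        allowed = self.policies.get((rs, resource), {}).get(client_id, set())
        if scope not in allowed:
            return None
        claims = {"rs": rs, "res": resource, "client": client_id,
                  "scope": scope, "exp": int(time.time()) + ttl}
        body = json.dumps(claims, sort_keys=True)
        tag = hmac.new(AS_RS_SECRET, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

class ResourceServer:
    """Holds resources but never the policy; it only checks AS grants."""
    def __init__(self, name):
        self.name, self.resources = name, {}

    def get(self, resource, scope, grant):
        if not grant or "." not in grant:
            return None
        body, tag = grant.rsplit(".", 1)
        expected = hmac.new(AS_RS_SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):  # tampered or forged grant
            return None
        c = json.loads(body)
        if (c["rs"], c["res"], c["scope"]) != (self.name, resource, scope):
            return None  # grant is bound to one RS, resource and scope
        return self.resources[resource] if c["exp"] >= time.time() else None

def demo():
    auth, rs = AuthorizationServer(), ResourceServer("calendar.example")
    rs.resources["alice/agenda"] = "dentist 09:00"
    auth.set_policy("calendar.example", "alice/agenda", "bob-app", ["read"])
    g = auth.authorize("calendar.example", "alice/agenda", "bob-app", "read")
    allowed = rs.get("alice/agenda", "read", g)
    wrong_scope = rs.get("alice/agenda", "write", g)  # grant bound to "read"
    no_policy = auth.authorize("calendar.example", "alice/agenda", "eve-app", "read")
    tampered = rs.get("alice/agenda", "read", g.replace("bob-app", "eve-app"))
    return allowed, wrong_scope, no_policy, tampered
```

Running `demo()` returns the agenda for the policy-permitted request and `None` for the wrong scope, for a client with no policy entry, and for a grant whose body was altered after signing.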

History and background

The Kantara Initiative UMA Work Group held its first meeting on August 6, 2009. UMA's design principles and engineering grew out of earlier work by Sun Microsystems employees, who in March 2008 developed a protocol called ProtectServe. ProtectServe was influenced by the goals of the Vendor Relationship Management (VRM) movement and by an offshoot effort called "Feeds-Based VRM".

ProtectServe and the earlier versions of UMA used the OAuth 1.0 protocol. When OAuth changed direction with the publication of the WRAP specification, the UMA draft specifications were adapted accordingly.

UMA is not dependent on OpenID 2.0. However, it optionally uses the OAuth-based OpenID Connect protocol for authentication.

UMA also has no dependency on XACML as a means of describing user rules and obtaining policy decisions. UMA does not prescribe a format for the policy rules. However, UMA and XACML have some things in common when it comes to protocol flows.

Current status of standardization

The charter of the UMA Work Group names the Internet Engineering Task Force (IETF) as a possible home for the UMA standardization work. To this end, the working group has submitted several draft versions ("Internet Drafts") to the IETF for consideration. One of them, a specification for Dynamic Client Registration, has already been accepted as a work item of the OAuth Working Group.

Current processing and acceptance status

The UMA protocol has several implementations. ForgeRock offers a first open-source implementation under the name OpenUMA. A first implementation of the authorization server can be tested with OpenAM in the nightly build. Gluu implemented UMA to secure and manage access to APIs. Cloud Identity Limited has a full UMA implementation for securing and managing access to personal information as well as web APIs. Several others have expressed interest to the working group in implementation and interoperability testing.
