The UMA V1.0 specifications are Kantara Initiative Recommendations

The User-Managed Access (UMA) Version 1.0 specifications have been finalized as Kantara Initiative Recommendations, the highest level of technical standardization in that body. These specs were developed by the UMA Work Group of Kantara over the last several years.

The main spec is officially known as User-Managed Access (UMA) Profile of OAuth 2.0 but is colloquially known as UMA Core. UMA Core defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policies.

UMA Core calls several other specs by reference, but only one referenced spec is currently a product of the UMA WG. Officially known as OAuth 2.0 Resource Set Registration but colloquially known as RSR, this spec defines a resource set registration mechanism between an OAuth 2.0 authorization server and resource server. The resource server registers information about the semantics and discovery properties of its resources with the authorization server. The RSR mechanism is useful not just for UMA, but potentially also for OpenID Connect and plain OAuth use cases.

ForgeRock is implementing the UMA specifications in OpenAM as part of its OpenUMA project. We invite your feedback on our OpenAM UMA Provider implementation.

Congratulations to Kantara and the UMA Work Group on this milestone!
