User-Managed Access (UMA) is an access management protocol standard, published by the Kantara Initiative, that lets individuals control the authorization and delegation of access to their resources by online services and other parties. The standard lets resource owners directly manage the rules governing access to their private information. This is a key capability for access management in the IoT world and has led many of the leading Access Management vendors to integrate UMA into their products.
UMA builds on OAuth 2.0 and extends it with the user-centric roles of Resource Owner (RO) and Requesting Party (RqP), while keeping the OAuth roles of Client (C), Resource Server (RS) and Authorization Server (AS) clearly separated. In outline, the interaction is as follows. The resource server registers the resources it protects with the authorization server, and the resource owner sets policy at the authorization server stating who may access them and under which conditions. A requesting party's client that asks the resource server for a resource without a valid token is handed a permission ticket pointing at the authorization server; the client presents that ticket, together with any claims the policy requires about the requesting party, to the authorization server, which evaluates the owner's policy and, if satisfied, issues a Requesting Party Token (RPT). The client retries its request with the RPT, which the resource server validates with the authorization server before releasing the resource. The following diagram illustrates the protocol:
Figure 1: UMA entities and relationships taken from https://en.wikipedia.org/wiki/User-Managed_Access
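The exchange described above, as an added example that is not part of the original page and is neither Nulli's nor ForgeRock's code: a self-contained Python simulation of the UMA 2.0 grant, covering resource registration over the protection API, the permission ticket returned in the WWW-Authenticate challenge, the claims-bearing token request at the authorization server, and RPT validation by introspection. It also exercises the two failure paths a deployment has to handle: a requesting party whose claims do not satisfy the owner's policy (request_denied) and a client that presents no claims at all (need_info with a fresh ticket). The AS URI, realm, user names, scopes and the claim-token format are hypothetical, and the PAT check stands in for a real OAuth bearer-token check; a real deployment would push an OpenID Connect ID token as the claim token and talk to HTTPS endpoints.

```python
"""Offline simulation of the UMA 2.0 grant between a resource server (RS), an authorization
server (AS) and a requesting party's client. Added example, not Nulli's or ForgeRock's code;
AS_URI, realm, names, scopes and CLAIM_FORMAT are hypothetical; the PAT check stands in for OAuth."""
import secrets
UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"  # grant_type the client sends to the AS
AS_URI = "https://as.example.test"                          # hypothetical AS location
CLAIM_FORMAT = "urn:example:simple-claims"                  # hypothetical claim_token_format

class AuthorizationServer:
    def __init__(self):
        self.pat = secrets.token_urlsafe(16)  # protection API token (PAT); one RS, for brevity
        self.resources = {}   # resource_id -> {"owner", "name", "resource_scopes"}
        self.policies = {}    # (resource_id, scope) -> set of allowed requesting-party subjects
        self.tickets = {}     # permission ticket -> (resource_id, [scopes])
        self.rpts = {}        # RPT -> list of granted permissions

    def _check_pat(self, pat):
        if pat != self.pat:
            raise PermissionError("invalid PAT")

    def register_resource(self, pat, owner, name, resource_scopes):
        self._check_pat(pat)                  # resource registration endpoint (RS -> AS)
        rid = secrets.token_hex(8)
        self.resources[rid] = {"owner": owner, "name": name, "resource_scopes": set(resource_scopes)}
        return {"_id": rid}

    def set_policy(self, owner, resource_id, scope, subjects):
        if self.resources[resource_id]["owner"] != owner:   # the RO sets policy at the AS, off the UMA wire
            raise PermissionError("only the resource owner may set policy")
        self.policies[(resource_id, scope)] = set(subjects)

    def request_permission(self, pat, resource_id, resource_scopes):
        self._check_pat(pat)                  # permission endpoint (RS -> AS)
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (resource_id, list(resource_scopes))
        return {"ticket": ticket}

    def token(self, grant_type, ticket, claim_token=None, claim_token_format=None):
        if grant_type != UMA_GRANT:                          # token endpoint (client -> AS)
            return {"error": "unsupported_grant_type"}
        if ticket not in self.tickets:
            return {"error": "invalid_grant"}
        rid, scopes = self.tickets.pop(ticket)               # tickets are single-use
        if claim_token is None or claim_token_format != CLAIM_FORMAT:
            fresh = secrets.token_urlsafe(16)                 # need_info carries a fresh ticket
            self.tickets[fresh] = (rid, scopes)
            return {"error": "need_info", "ticket": fresh, "required_claims": [{"name": "sub"}]}
        granted = [s for s in scopes if claim_token["sub"] in self.policies.get((rid, s), ())]
        if granted != scopes:                                 # any scope not allowed -> deny all
            return {"error": "request_denied"}
        rpt = secrets.token_urlsafe(24)
        self.rpts[rpt] = [{"resource_id": rid, "resource_scopes": granted}]
        return {"access_token": rpt, "token_type": "Bearer"}

    def introspect(self, pat, rpt):           # RFC 7662 introspection plus UMA permissions
        self._check_pat(pat)
        return {"active": True, "permissions": self.rpts[rpt]} if rpt in self.rpts else {"active": False}

class ResourceServer:
    def __init__(self, as_server):
        self.as_, self.pat, self.store = as_server, as_server.pat, {}

    def protect(self, owner, name, scopes, content):
        rid = self.as_.register_resource(self.pat, owner, name, scopes)["_id"]
        self.store[rid] = content
        return rid

    def get(self, resource_id, scope, rpt=None):
        info = self.as_.introspect(self.pat, rpt) if rpt else {"active": False}  # never trust an RPT locally
        if info["active"] and any(p["resource_id"] == resource_id and scope in p["resource_scopes"]
                                  for p in info["permissions"]):
            return 200, {"body": self.store[resource_id]}
        # No, invalid or insufficient RPT: obtain a ticket and challenge (UMA 2.0 grant spec, 3.2.1)
        ticket = self.as_.request_permission(self.pat, resource_id, [scope])["ticket"]
        return 401, {"WWW-Authenticate": f'UMA realm="photos", as_uri="{AS_URI}", ticket="{ticket}"'}

def parse_ticket(www_authenticate):
    """Extract the ticket from a 'UMA realm=..., as_uri=..., ticket=...' challenge."""
    params = dict(p.strip().split("=", 1) for p in www_authenticate.split(" ", 1)[1].split(","))
    return params["ticket"].strip('"')

def client_access(as_server, rs, claim_token, resource_id, scope):  # client: try RS, redeem ticket, retry
    status, resp = rs.get(resource_id, scope)
    if status == 401:
        fmt = CLAIM_FORMAT if claim_token else None
        tok = as_server.token(UMA_GRANT, parse_ticket(resp["WWW-Authenticate"]), claim_token, fmt)
        if "error" in tok:                    # a real client would gather claims on need_info
            return None, tok
        status, resp = rs.get(resource_id, scope, rpt=tok["access_token"])
    return status, resp

def demo():
    """Alice lets Bob view (not edit) her photos; Eve gets nothing; no claims -> need_info."""
    as_ = AuthorizationServer()
    rs = ResourceServer(as_)
    rid = rs.protect("alice", "Alice's photos", ["view", "edit"], "<photo bytes>")
    as_.set_policy("alice", rid, "view", ["bob"])
    return {f"{who}_{sc}": client_access(as_, rs, tok, rid, sc) for sc in ("view", "edit")
            for who, tok in (("bob", {"sub": "bob"}), ("eve", {"sub": "eve"}), ("anon", None))}
```

Three design points carry over to real deployments: the resource server never decides on an RPT by itself but asks the authorization server (introspection), so revoking or expiring the RPT at the AS takes effect immediately; permission tickets are single-use and a wrong or replayed ticket gets invalid_grant; and a request for several scopes is refused outright if the owner's policy does not cover all of them, rather than silently downgraded.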
Nulli can help your enterprise:
- Understand UMA capability, theory, and best practices.
- Design a flexible and scalable UMA solution that suits your corporate requirements.
- Integrate UMA in a systematic way into your already existing IAM architecture.
- Improve end user satisfaction.
- Develop custom UMA implementations and enhancements for edge-case needs.
Our Partner Solutions
ForgeRock OpenUMA within ForgeRock Access Management
ForgeRock™ is among the market-leading providers of Access Management software. The company has developed UMA-compatible open-source software as part of its Access Management product, which acts as a UMA authorization server. The project was initiated by the OpenUMA community, lives in the OpenAM open-source project, and is delivered as part of the ForgeRock Access Management product.
We provide you with the knowledge and skills to:
- Install, configure, or upgrade quickly and seamlessly to a ForgeRock Access Management release that supports UMA.
- Analyze, design and configure UMA, OAuth 2.0 and OpenID Connect entities, resource sets, and policy frameworks to support particular use cases.
- Protect access to Internet of Things (IoT) devices using ForgeRock Access Management combined with Identity Gateway and OpenUMA.
- Design and implement UMA gateways to convert legacy applications to UMA-aware resource servers and clients, with minimal changes.
- Integrate OpenUMA implementation with graph databases for enhanced auditing and policy enforcement.
- Leverage your existing data to build advanced access policy frameworks.
- Integrate UMA solutions with advanced ForgeRock Access Management authentication solutions (such as social login and multi-factor authentication).
- Design and support Relationship-Based Authorization Controls (RelBAC).