The big idea behind UMA is that users should have a simple, standard way to control access to their online data or resources (files, photos, calendar, contacts, etc.) that doesn’t depend on a single service provider (e.g., a large social network). Rather there should be a user-managed access protocol that works interoperably across different service providers, much the same way Web servers or email servers work interoperably across a user’s choice of different service providers.
Today the Kantara Initiative User Managed Access Working Group announced the first draft recommendation for UMA had been contributed it to the IETF for consideration.
UMA builds on top of the IETF OAuth 2.0 effort, already nearing completion at IETF, and adds the critical pieces needed for a user to set up and configure an online Authorization Manager (AM). An AM is a service that acts on behalf of a user to control access to the user’s resources stored anywhere on the Web, similar to the way a bank help you control access to your money no matter which account it may be stored in. For example, Newcastle University in the UK already has an implementation of UMA that lets a Facebook user control access by their Facebook friends to a set of online files and photos that are not stored on Facebook.
Why does Connect.Me have to do with UMA? Connect.Me believes in user-controlled access to any personal data or resource that has value, including a user’s own personal network of contacts and relationships, whether with other people, communities, or businesses. UMA is a tool for providing that control, and we applaud this milestone for the Kantara UMA Working Group and its chair, Eve Maler.