UMA Demo

From IIW
Jump to: navigation, search

Session Topic: UMA Demo

Thursday 1D

Convener: Maciej

Notes-taker: Matt Berry

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


http://www.cloudidentity.co.uk/services/user-managed-access


  • Demo of UMA where B accesses A’s data for Job Application
  • RS sends data’s identifiers to AZ
  • RS pulls access control policies from AM
  • Job site (RS) can discover data from PDS RS
  • Receivers can request access to data asynchronous to data owner using RS
  • RS/AZ own process of notifying data owner about pending requests


  • Does UMA support conditional policies?
  • No: language doesn’t natively support it
  • Yes: scopes can be used to fake it “read”, “read-if-ip-in-range-192.168.0.0/32”


  • Does UMA support policies about data that doesn’t yet exist
  • No
  • Drafts around Policies written for “types” of data are in progress