WAKEFIELD, Mass.--(BUSINESS WIRE)--The Kantara Initiative formally announced today the approval and publication of the User-Managed Access (UMA) Version 2.0 (UMA 2.0) technical specifications. UMA 2.0 offers significant enhancements to the established global standard bringing user consent, control and trust into easier reach for organizations processing personal data.
UMA is an award-winning OAuth-based protocol designed to give individuals a convenient central place for controlling who and what can access their online personal data, no matter where that data resides. This gives control to the individual allowing him or her to share or withdraw access to their information on their own terms instead of having to provide "opt-in" consent immediately. The Kantara Initiative approved UMA Version 1.0 of the standard in 2015 and it is currently deployed in projects worldwide.
“Organizations worldwide have never had more incentives to include individuals in their machinations involving personal data. Three factors are contributing to this: strengthened data protection regulations, notably the General Data Protection Regulation; consumer savviness about poor organizational security and trustworthiness; and important use cases – particularly in healthcare, financial services, and the Internet of Things – for positive data sharing," said Eve Maler, founder and chair, UMA Work Group, Kantara Initiative and vice president, Innovation & Emerging Technology, ForgeRock. "UMA 2.0 addresses key requirements in this landscape to make it ‘as easy to withdraw consent as to give it,’ in a unique way.”
- Review the UMA 2.0 specifications - Grant for OAuth 2.0 and Federated Authorization
- Contribute to UMA’s further design, implementation and deployment
- Read UMA Case Studies
- Join the Kantara Initiative and learn more
About UMA 2.0 – What's Changed and Improved
UMA 2.0
simplifies the protocol and aligns it more closely with its OAuth design
base, making it easier to implement and deploy further improving its
security posture. It also enables more dynamic sharing scenarios. Third,
it makes personal data-sharing simpler in Internet of Things scenarios
by ensuring that data servers do not require constant connectivity with
an authorization service.
"At Kantara, we are passionate about giving control of data back to people. UMA 2.0 was developed with an open, transparent and standards-based approach and is another step forward in our mission," said Colin Wallis, executive director, Kantara Initiative. "Special thanks to the User-Managed Access Work Group and other Kantara members for their technical work on UMA 2.0."
About Kantara Initiative
Kantara Initiative provides
real-world innovation and development of specifications and conformity
assessment programs for the digital identity and personal data
ecosystems. Beyond its flagship Identity
Assurance Trust Framework, developing initiatives including Identity
Relationship Management, User
Managed Access (EIC Award Winner for Innovation in Information
Security 2014), Identities
of Things, and the Consent
Receipt, Kantara Initiative connects a global, open, and transparent
leadership community, including CA Technologies, digi.me, Experian,
ForgeRock, Internet Society, Nomura Research Institute, and SecureKey
Technologies. More information is available at https://kantarainitiative.org/.
Follow
Kantara Initiative on Twitter
-- @KantaraNews