Abstract
Today, you use OAuth 2.0 to authorize software to access your own stuff, but what if you want to let someone else access your stuff? We call this "Alice to Bob sharing". This is one of the primary use cases for the User-Managed Access (UMA) protocol. Alice and Bob don’t have to be humans—either can be a non-person entity (NPE), such as a software process or company. With UMA, Alice can use any authorization server to share data with Bob. It's up to Bob and the clients he is using, to interact with the authorization servers of Alice's choosing. Moreover, Alice can choose to use the same authorization server for different protected information that she wants to share with Bob—this data can be distributed, yet access to it can be centralized with UMA. An interesting property of UMA is that it also handles asynchronous authorization. For example, Bob may request access to something, and Alice may not approve the request until she's online. Likewise, Alice can also create a policy at the authorization server that gives access to some data to Bob—she does not have to be online for access to be granted.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2018 Michael Schwartz, Maciej Machulak
About this chapter
Cite this chapter
Schwartz, M., Machulak, M. (2018). User-Managed Access. In: Securing the Perimeter. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2601-8_8
Download citation
DOI: https://doi.org/10.1007/978-1-4842-2601-8_8
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2600-1
Online ISBN: 978-1-4842-2601-8
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books