I have heard and seen pushback that UMA is too immature to implement yet and that worries me.
Of course its hard to respond to hearsay, but maybe the ones saying UMA is immature have an interest in non-interoperability of API security. Maybe it's not in the interest of vendors who haven't implemented, or don't understand UMA, to say it's immature. Or maybe the ones saying its not mature would rather not see a standard evolving at an organization they can't control. Who knows... Gluu had no trouble implementing UMA. And the changes from 1.0 to 1.0.1 are no worse than the changes we've seen in OpenID Connect (i.e. look at the new front channel and back channel logout proposed specs). Ultimately, Gluu's customers are deriving a competitive business advantage by using UMA, and that's all that really matters to us. What I'd like to see is more sample code and more libraries. I think that would help--i.e. implementation is exactly what is needed, not what should be delayed. - Mike ------------------------------------- Michael Schwartz Gluu Founder / CEO