+1.
We have just finished a pretty successful PoC of UMA here down-under.
What does that mean? Well.. for use cases that UMA was designed for, it was great.
For use cases where we stretched it way way over its intended scope, less so (wanted to see just how far we could go ..☺)
For use cases that weren’t even in the scope of UMA, ditto.
The point is that the distributed authorization and access control use cases can be pretty complex at the best of times.. and they are highly contextual. You can’t design up front, for every single one of them.
Add the fact it was Gov, multiple agencies, a lot of ‘system’ (headless use cases we called them) and you have super complexity.
You have to do some supporting work in your software, in your processes, even maybe some customization here and there.
But we came out with a clear understanding that we were a helluva long way better off than coding up something from scratch from OAuth to do.. well .. what UMA does really.. plus some other things.
Cheers
Colin
From: wg-uma-bounces@kantarainitiative.org [mailto:wg-uma-bounces@kantarainitiative.org] On Behalf Of Adrian Gropper
Sent: Wednesday, 7 October 2015 3:05 a.m.
To: Salvatore D'Agostino
Cc: Michael Schwartz; wg-uma@kantarainitiative.org WG
Subject: Re: [WG-UMA] UMA is ready
Justin nailed it! Michael Chen and I ran headlong into many of the same issues Justin had already reported as soon as we started. More important, the more I've worked on UMA, the more concerned I get on how the profiling around the protocol is going to impact interoperability. How many Authorization Servers will each citizen have? Eve and I have started to work on that around the legal subgroup but we will need a broader discussion soon.
That said, I remain guilty of evangelizing UMA far and wide and am truly grateful for the amazing work the group is doing.
Thank you.
Adrian
On Tue, Oct 6, 2015 at 8:50 AM, Salvatore D'Agostino
On Oct 6, 2015, at 12:49 AM, Mike Schwartz <mailto:mike@gluu.org> wrote:
I have heard and seen pushback that UMA is too immature to implement yet and that worries me.
Of course it's hard to respond to hearsay, but maybe the ones saying UMA is immature have an interest in non-interoperability of API security. Maybe it's not in the interest of vendors who haven't implemented, or don't understand UMA, to say it's immature. Or maybe the ones saying it's not mature would rather not see a standard evolving at an organization they can't control. Who knows...
Gluu had no trouble implementing UMA. And the changes from 1.0 to 1.0.1 are no worse than the changes we've seen in OpenID Connect (i.e. look at the new front channel and back channel logout proposed specs).
Ultimately, Gluu's customers are deriving a competitive business advantage by using UMA, and that's all that really matters to us.
What I'd like to see is more sample code and more libraries. I think that would help--i.e. implementation is exactly what is needed, not what should be delayed.
- Mike
-------------------------------------
Michael Schwartz
Gluu Founder / CEO
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma