Title: Gluu Publishes Open Source “Enterprise UMA” Software to enable OAuth 2.0 Access
Gluu announced today that the newest software
release from OX, Gluu's open source authorization
and authentication project, implements UMA, a new
profile of OAuth 2.0 for access management. As a
profile of OAuth 2.0 that is complementary to
OpenID Connect, UMA defines RESTful, JSON-based,
standardized flows and constructs for
coordinating the protection of any API or web
resource. UMA defines interfaces between
authorization servers and resource servers
that enable centralized policy decision-making
for improved policy administration, auditing, and
responsiveness to security threats. According
to the UMA Working Group's case study on
enterprise access management, although UMA's
primary use cases have centered on individual
people, more specifically the users who manage
access to their own online resources, the UMA
notion of authorization as a service also has
relevance to modern enterprises that must secure
APIs and other web resources in a
developer-friendly way.
The UMA Work Group observes the utility of the
protocol for multiple scenarios, noting that
Enterprise UMA has a number of use cases,
including managing client access to APIs,
defining logic for Stepped-Up Authentication, and
providing the foundation for standards-based
interoperable web access management. With UMA,
developers can handle authorization tasks by
calling simple JSON/REST endpoints.
Administrators no longer have to deploy a web
server plugin module or a web reverse proxy to
enable centralized web authorization. This new
paradigm can also be leveraged by native
applications, for example mobile or cloud
applications. "Integrating UMA into OX, our
open source authorization and authentication
platform, has opened the door for new enterprise
authorization capabilities only partially solved
by previous commercial access management suites,"
said Gluu CEO Michael Schwartz. "UMA is a major
milestone for the Internet. Right now
authorization logic is managed in each
application, and it is hard for large
organizations to centralize policies. Previous
attempts to centralize authorization policies
have been proprietary, and are not Internet
scale. By defining an IETF standard for a
developer-friendly access management protocol,
UMA reverses this trend, and ultimately will make
the Internet a safer place for both people and
companies."
The OX UMA Authorization Server implements all
the UMA defined endpoints. It also provides a web
tool to enable administrators at the domain to
view the server's resource sets and to define the
policies for access management. These are written
using Java or Python code, and can be highly
customized to meet the exact authorization
requirements, including calls to external systems
or data sources. OX also provides all OpenID Connect
endpoints, which provide client registration,
authentication, and attribute release policies to
support an UMA policy decision point, which is
required by the UMA endpoints. For more
information on Gluu's implementation of UMA visit
http://gluu.org/uma-access-management

About Gluu
Gluu provides an open source
authentication and authorization platform for
organizations that want to leverage open
standards such as OpenID Connect, SAML 2.0, and
UMA to enable strong authentication, active
directory single sign on, and access management.
Deployed quickly on the customer's IAAS platform
of choice, Gluu's technology stack improves the
quality and drives down the cost of an
increasingly complex and mission critical IT
service: authentication and authorization (AA).

About UMA
User-Managed Access (UMA, pronounced
OOH-mah) is an OAuth-based protocol designed to
give a web user a unified control point for
authorizing who and what can get access to their
online personal data (such as identity
attributes), content (such as photos), and
services (such as viewing and creating status
updates), no matter where all those things live
on the web.