As a profile of OAuth 2.0 that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource.
UMA defines the concepts of Authorization Servers (AS) and Resource Servers (RS). The Gluu Server functions as an UMA AS and provides an interface for scripting unique policies for access management. Gluu’s client software, oxd, can be used to protect your application with UMA RS code.
Enterprise Web Access Management
Controlling who can get to what websites has been an important objective for organizations for more than a decade. Previous WAM solutions were based on proprietary software and processes.
Stepped Up Authentication
Certain parts of a website might require stronger authentication. UMA gives organizations the ability to define a minimum type of authentication that’s needed to access a certain website or even a part of the website.
API Access Management
OAuth 2 requires companies to issue client IDs and passwords to partners. UMA enables organizations to define which clients can access which APIs or even which functions within an API.