Seeking service implementations


Graham Klyne

Oct 11, 2013, 6:23:09 AM
to uma...@googlegroups.com
Hi all,

I've just stumbled across the UMA project, and it looks like just what I want for an open source project for research data collection and management that I'm planning.  I've been digging around the OAuth2 landscape, and it's kinda hard to figure out what is actually available on the implementation front, especially for supporting services as opposed to client applications.

What I'm particularly interested in is finding a module that I can use with an off-the-shelf web server (e.g. Apache, nginx, or whatever) to provide controlled access (for specified URI patterns/prefixes and HTTP verbs), where the requesting client may not be a browser.  It seems as if it should be a shoo-in for UMA.  Is there an implementation of something like this, or something that could be relatively easily adapted for this purpose?

What I really want is off-the-shelf modules that I can use for:
- resource server implementation for existing web server
- configurable authorization server (preferably one that can use http-hosted permission data)
- python client libraries for setting up resource protection, and for obtaining RPT access tokens

(I've tried to follow terminology from http://tools.ietf.org/html/draft-hardjono-oauth-umacore-07 here)

I'm prepared to do some coding to bring the pieces together, but I don't want this to be a full time task ;)

Related to this, I came across a project from Newcastle University (http://smartjisc.wordpress.com/team/) who claimed to be producing an implementation, but their project web site appears to be down.  Does anyone know if this is now defunct?  

#g

Maciej Machulak

Oct 11, 2013, 7:05:04 AM
to uma...@googlegroups.com

Hi Graham,


It’s great to see interest in the UMA technology and existing implementations. The SMART project at Newcastle University ended quite some time ago and the website might be down - I was the Project Manager for this effort for nearly 3 years.


UMA offerings, including Open-Source software for clients (Hosts and Requesters), are provided by Cloud Identity Limited in the UK - see http://www.cloudidentity.co.uk. From what you require:

- resource server implementation for existing web server


Cloud Identity has SDKs for Java and Python, including software that integrates well with Spring and Apache CXF.


- configurable authorization server (preferably one that can use http-hosted permission data)


We have a configurable Authorization Server compliant with the UMA protocol, with additional features to support clients in obtaining PAT and AAT tokens.


- python client libraries for setting up resource protection, and for obtaining RPT access tokens


We have Python libraries for Host and Requester applications.


It would be great to discuss your requirements in more detail. Would you be available for a quick chat sometime soon? Please let me know in case you have any questions.


Kind regards,

Maciej



--
You received this message because you are subscribed to the Google Groups "User-Managed Access Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uma-dev+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/uma-dev/7601fb13-aa24-4b66-9be0-102e6fd875be%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



--
Maciej Machulak
email: maciej....@gmail.com
mobile: +44 7999 606 767 (UK)
mobile: +48 602 45 31 66 (PL)

Graham Klyne

Oct 11, 2013, 8:24:09 AM
to uma...@googlegroups.com
Hi Maciej,

Thanks for getting back to me.

I'll limit my comments here to purely technical issues.  I have some other questions which are probably not interesting to this group.

Please bear in mind that I have only just learned about UMA, so I certainly am not familiar with all the terminology and ramifications.  I also don't know very much about OAuth2.  But on the surface, UMA appears to do exactly what I'm looking for.

On Friday, October 11, 2013 12:05:04 PM UTC+1, Maciej Machulak wrote:

Hi Graham,


It’s great to see interest in the UMA technology and existing implementations. The SMART project at Newcastle University ended quite some time ago and the website might be down - I was the Project Manager for this effort for nearly 3 years.


That was my guess... but your blog survives!
 

UMA offerings, including Open-Source software for clients (Hosts and Requesters), are provided by Cloud Identity Limited in the UK - see http://www.cloudidentity.co.uk. From what you require:

- resource server implementation for existing web server


Cloud Identity has SDKs for Java and Python, including software that integrates well with Spring and Apache CXF.



I was thinking of something more at the level of an Apache HTTPD auth* module that could be configured to apply an access policy to requests for any resource, especially including static files.  I.e. at the resource access level, not something that plugs in to a specific Apache-hosted web application.
 

- configurable authorization server (preferably one that can use http-hosted permission data)


We have a configurable Authorization Server compliant with the UMA protocol

 

with additional features to support clients with obtaining PAT and AAT tokens.


 
Sounds useful.

- python client libraries for setting up resource protection, and for obtaining RPT access tokens


We have Python libraries for Host and Requester applications.



I'm not fully grokking that bit, but I'm guessing it's the sort of thing I'm looking for.
 

It would be great to discuss your requirements in more detail. Would you be available for a quick chat sometime soon? Please let me know in case you have any questions.


 
That would be interesting.  Is your ncl.ac.uk email still active?  Alternatively, we could rendezvous via twitter or skype - I'm @gklyne on both.

#g

Maciej Machulak

Oct 11, 2013, 12:00:47 PM
to uma...@googlegroups.com
Hi Graham,

Thank you for your reply. Comments inline.

On 11 October 2013 14:24, Graham Klyne <gk-g...@ninebynine.org> wrote:
Hi Maciej,

Thanks for getting back to me.

I'll limit my comments here to purely technical issues.  I have some other questions which are probably not interesting to this group.

Sure. 
 

Please bear in mind that I have only just learned about UMA, so I certainly am not familiar with all the terminology and ramifications.  I also don't know very much about OAuth2.  But on the surface, UMA appears to do exactly what I'm looking for.


It would be great to learn more about the project and its requirements.

 
On Friday, October 11, 2013 12:05:04 PM UTC+1, Maciej Machulak wrote:

Hi Graham,


It’s great to see interest in the UMA technology and existing implementations. The SMART project at Newcastle University ended quite some time ago and the website might be down - I was the Project Manager for this effort for nearly 3 years.


That was my guess... but your blog survives!

True.
 
 

UMA offerings, including Open-Source software for clients (Hosts and Requesters), are provided by Cloud Identity Limited in the UK - see http://www.cloudidentity.co.uk. From what you require:

- resource server implementation for existing web server


Cloud Identity has SDKs for Java and Python, including software that integrates well with Spring and Apache CXF.



I was thinking of something more at the level of an Apache HTTPD auth* module that could be configured to apply an access policy to requests for any resource, especially including static files.  I.e. at the resource access level, not something that plugs in to a specific Apache-hosted web application.
 

A company named Gluu works on an Apache HTTPD module that is planned to work with UMA-compliant Authorisation Servers. I am not sure about the status, though.
 

- configurable authorization server (preferably one that can use http-hosted permission data)


We have a configurable Authorization Server compliant with the UMA protocol

 

with additional features to support clients with obtaining PAT and AAT tokens.


 
Sounds useful.

Yes, this can be used with any UMA-compliant framework.
 

- python client libraries for setting up resource protection, and for obtaining RPT access tokens


We have Python libraries for Host and Requester applications.



I'm not fully grokking that bit, but I'm guessing it's the sort of thing I'm looking for.

Yes, from what you write this is precisely what you are looking for.
 
 

It would be great to discuss your requirements in more detail. Would you be available for a quick chat sometime soon? Please let me know in case you have any questions.


 
That would be interesting.  Is your ncl.ac.uk email still active?  Alternatively, we could rendezvous via twitter or skype - I'm @gklyne on both.

Yes, you can also use my gmail address: maciej....@gmail.com 
 

#g


Enjoy the weekend, cheers, Maciej
 


Eve Maler

Oct 11, 2013, 12:38:03 PM
to uma...@googlegroups.com
Graham-- Thanks for your interest! The status of the Apache server plugin work can be found here:


Eve




Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

Michael Schwartz

Oct 11, 2013, 4:10:27 PM
to uma...@googlegroups.com
Graham,

As mentioned, Gluu is working on PDP/PEP/PAP software similar to what
you describe. You should take a look at some of the videos on
http://gluu.org/videos on UMA Policy management. Also, we have a wiki
page on the design for an UMA PEP Apache plugin:
http://ox.gluu.org/doku.php?id=oxd:concept In order to use the UMA
plugin, we also needed an OpenID Connect plugin
http://ox.gluu.org/doku.php?id=oxd:mod_oic
for authn and attributes.

We crowdfunded these plugins: http://www.gluu.co/uma-apache
As mentioned in the status, we are finishing up the OpenID Connect
plugin right now. The OpenID Connect plugin is almost done, and we're
hoping to make a dent in the UMA plugin as well.

thx,

Mike


-------------------------------------
Michael Schwartz
Gluu
Founder / CEO

Graham Klyne

Oct 11, 2013, 5:37:48 PM
to uma...@googlegroups.com
Michael,
Eve,

Thanks for the pointers.  I'm still coming up to speed, but this does indeed look like a key part of what I'm looking for.  If it's near ready for some kicking of tyres, I'll try and schedule some evaluation time (from December onwards), and provide feedback.

Is there a good document introducing the terminology and key concepts?  Or should I stick with the core protocol internet-draft?  Right now, as I poke around, I feel as if there's a fair amount of tacit knowledge I'm not up to speed on.  I think I've got a fair sense of the 50000 foot view, but I get a bit lost as I try to zoom in on the next level of detail, which may be because I'm not attuned to the way things are described.

#g

Eve Maler

Oct 12, 2013, 5:49:31 PM
to uma...@googlegroups.com
Hi again Graham-- The core protocol spec tries to do a careful and thorough job of explaining concepts, but it may not be everyone's cup of tea. :-) You can also check out the "UMA 101" slides and the FAQ, both linked off the main wiki page, and can certainly ask clarifying questions here. The Case Studies may also help because they constitute a series of concrete examples.

Eve


Graham Klyne

Oct 17, 2013, 5:04:50 AM
to uma...@googlegroups.com
Hi Eve, Thanks.  I've snagged a copy for airplane reading.

#g