Explain it Like I'm 5: OAuth2 & UMA

This entry is the first in a mini-series, where I will attempt to explain some relatively complex terms and flows in the identity and access management space, in a way a 5 year could understand.


First up is OAuth2 and User Managed Access or UMA, a powerful federated authorization flow that sits on top of OAuth2.

Explain it like I’m 5: OAuth2

OAuth2 allows people to share data and things with other services that can access that data on their behalf.  For example, an individual might want to allow a photo printing service access to a few pictures from an album stored on a picture hosting service.

Explain it like I’m 5: Resource Server

The resource server is the service or application that holds the data or object that needs sharing.  For example, this could be the picture hosting site that stores the taken pictures.

Explain it like I’m 5: Resource Owner

The resource owner is the person who has the say on who can retrieve data from the resource server.  For example, this could be the user who took the pictures and uploaded them to the hosting service.

Explain it like I’m 5: Authorization Server

The authorization server is the security system that allows the resource owner to grant access to the data or objects stored on the resource server to the application or service.  In continuing the example of the picture hosting, it’s likely the hosting service itself would be the authorization server.

Explain it like I’m 5: Client

The client is the application that wants to gain access to the data on the resource server.  So in the continuing example, the the picture printing service would be the client.

Explain it like I’m 5: UMA

UMA allows the sharing of feed of data to multiple different 3rd parties, all from different places.  
For example, wanting to share pictures with not only 3rd party services to act on the resource owner’s behalf, but also to other trusted individuals, who can perhaps store those pictures in their store and print them using their own printing service selection.