What authorization framework does UMA (User Managed Access) specify for data access?

User Managed Access (UMA) specifies OAuth as its underlying authorization framework for data access. UMA builds upon OAuth to enable individuals to control the access to their resources using a more user-centric model. With UMA, resource owners can define and manage access policies for their data, allowing them to grant permissions to others without the need for direct involvement from the resource server.

This framework enhances the conventional OAuth model by adding layers that ensure not just access but also user empowerment over who can access their resources and how that access is granted. It allows users to manage permissions dynamically and remotely, ensuring that data access aligns with their preferences and policies.

While federated identity management, access control lists, and public key infrastructure are all significant concepts in the realm of access and security, they do not pertain to the specific framework established by UMA. They serve different roles in identity and access management but do not directly define the user-managed access concept as OAuth does in this context.