This chapter covers
- User Managed Access (UMA), a protocol built on top of OAuth 2.0 for dynamic consent and policy management
- Health Relationship Trust (HEART), a profile of OAuth 2.0, OpenID Connect (OIDC), and UMA for healthcare-related scenarios
- International Government (iGov), a profile of OAuth 2.0 and OpenID Connect for government services

As you’ve seen by now, OAuth 2.0 is a powerful protocol, and it’s good at what it does: delegation of access rights and communication of that authorization across HTTP. But there are many things OAuth can’t do on its own. If you need to go beyond what OAuth offers, it’s a valuable tool in the toolbox, but it’s not the only tool at your disposal. OAuth is a versatile building block in more complex systems.