Users in control of their data UMA
Session Topic: User-Managed Access (UMA) (T2I)
Convener: Eve, Maciek, Lukas
Notes-taker(s):
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Introduction: reasons for user-centric privacy management
Current situation: why UMA gives a better solution.
Digital identity management
Online social networking
Vendor relationship management
How to control your data
What is UMA?
A web protocol
UMA group
Introducing a new standardised solution
OAuth themes
Password anti-pattern
Access tokens
User managed access
Architecture and protocol
UMA players explained: user (the authorizing user), host, AM (authorization manager), requester
Uma protocol steps
Trusting a token - OAuth workflow, host acting as a client
Endpoints
Q: Who's responsible for the trust relationship?
A: You have to trust that the host will use your AM.
Two parties, host and AM, establish a relationship.
Scenarios:
- Alice to Alice sharing
- Alice to Bob sharing
- Alice to a company sharing
Mapping transactions and transparency of the protocol.
Why is avoiding encryption a design principle?
Trusting a token - establishing a trust relationship. Requested application getting a token.
Accessing requested resource - token validation.
Smart AM - static layout
Defining available permissions by host.
Accessing a resource through requester
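As an added example (not code from the session, the UMA group, or the UMAj/Leeloo projects), the following Python simulates the steps above in memory: the host registers with the AM (the trust relationship), the host defines the permissions available on a resource, the user writes policy at the AM, the requester obtains a token from the AM, and the host validates that token with the AM before serving the resource. The class and method names, the shape of the policies, the token lifetime and the sample resources and requesters (Alice, Bob, a print shop) are all assumptions constructed for illustration; the three sharing scenarios from the session are exercised in `demo()`.

```python
# Added example, not code from the UMA group or from UMAj/Leeloo.
# Names, policy shape and token lifetime are assumptions for illustration.
import secrets
import time

TOKEN_TTL = 600  # assumed token lifetime in seconds


class AuthorizationManager:
    """Holds the user's policies; issues and validates requester tokens."""

    def __init__(self):
        self.hosts = {}      # host_id -> secret shared at registration
        self.resources = {}  # (host_id, resource) -> permissions the host offers
        self.policies = {}   # (host_id, resource) -> {requester: set(permissions)}
        self.tokens = {}     # opaque token -> record binding host/resource/requester

    # Host and AM establish trust: the host is registered like an OAuth client.
    def register_host(self, host_id):
        secret = secrets.token_hex(16)
        self.hosts[host_id] = secret
        return secret

    # The host, not the AM, defines which permissions a resource has.
    def register_resource(self, host_id, host_secret, resource, permissions):
        self._authenticate_host(host_id, host_secret)
        self.resources[(host_id, resource)] = set(permissions)

    # The authorizing user writes policy at the AM, separate from the host.
    def set_policy(self, host_id, resource, requester, permissions):
        offered = self.resources.get((host_id, resource))
        if offered is None:
            raise KeyError("unknown resource")
        granted = set(permissions) & offered  # cannot grant more than the host defined
        self.policies.setdefault((host_id, resource), {})[requester] = granted

    # Requester asks the AM for a token; policy is evaluated here, not at the host.
    def request_token(self, requester, host_id, resource, permissions):
        allowed = self.policies.get((host_id, resource), {}).get(requester, set())
        wanted = set(permissions)
        if not wanted or not wanted <= allowed:
            return None  # denied; the requester may ask the owner for access
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"host": host_id, "resource": resource,
                              "requester": requester, "perms": wanted,
                              "exp": time.time() + TOKEN_TTL}
        return token

    # Host validates a presented token using its own registration credentials.
    def validate(self, host_id, host_secret, token, resource, permission):
        self._authenticate_host(host_id, host_secret)
        rec = self.tokens.get(token)
        if rec is None or rec["exp"] < time.time():
            return False
        # Token is bound to one host and one resource; a token minted for
        # another host or resource must be rejected here.
        return (rec["host"] == host_id and rec["resource"] == resource
                and permission in rec["perms"])

    def _authenticate_host(self, host_id, host_secret):
        if not secrets.compare_digest(self.hosts.get(host_id, ""), host_secret):
            raise PermissionError("host not registered with this AM")


class Host:
    """Stores data but never decides access itself; it only checks tokens with the AM."""

    def __init__(self, host_id, am):
        self.host_id, self.am = host_id, am
        self.secret = am.register_host(host_id)
        self.data = {}

    def publish(self, resource, content, permissions):
        self.data[resource] = content
        self.am.register_resource(self.host_id, self.secret, resource, permissions)

    def access(self, token, resource, permission):
        if resource not in self.data:
            return None
        if not self.am.validate(self.host_id, self.secret, token, resource, permission):
            return None
        return self.data[resource]


def demo():
    """Alice-to-Alice, Alice-to-Bob and Alice-to-company sharing on constructed data."""
    am = AuthorizationManager()
    host = Host("photos.example", am)
    host.publish("/alice/vacation", "holiday photos", {"read", "write"})
    am.set_policy("photos.example", "/alice/vacation", "alice", {"read", "write"})
    am.set_policy("photos.example", "/alice/vacation", "bob", {"read"})
    am.set_policy("photos.example", "/alice/vacation", "print-shop.example", {"read"})
    r = {}
    r["alice_write"] = host.access(am.request_token(
        "alice", "photos.example", "/alice/vacation", {"write"}), "/alice/vacation", "write")
    r["bob_read"] = host.access(am.request_token(
        "bob", "photos.example", "/alice/vacation", {"read"}), "/alice/vacation", "read")
    r["bob_write_token"] = am.request_token("bob", "photos.example", "/alice/vacation", {"write"})
    bob_token = am.request_token("bob", "photos.example", "/alice/vacation", {"read"})
    r["bob_escalate"] = host.access(bob_token, "/alice/vacation", "write")  # read token, write asked
    r["company_read"] = host.access(am.request_token(
        "print-shop.example", "photos.example", "/alice/vacation", {"read"}), "/alice/vacation", "read")
    r["stranger"] = am.request_token("mallory", "photos.example", "/alice/vacation", {"read"})
    return r
```

The point of the split is visible in `Host.access`: the host holds the bytes but has no policy of its own, so an over-scoped request (Bob asking to write) is refused either at the AM when the token is requested or at the host when the token's bound permissions are checked, and a token issued for one host is useless at another because validation is keyed on the host's own registration.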
Issue of displaying permissions. Circles of trust, e.g. in small business companies. Vertical data. Low assurance for the web.
RESTful policy making in the open web. Making sure users can get started simply and quickly.
Market: different shares for different AMs.
Architectural challenge: separating hosting the data from authorising access to it.
Good feature: the workflow can be triggered by users themselves. If one user has access to, e.g., a particular folder, he or she may also be interested in accessing other resources and asking the owner of the data to grant them access.
OAuth Leeloo and UMAj frameworks