Users in control of their data UMA

From IIW

Session Topic: User-Managed Access (UMA) (T2I)

Convener: Eve, Maciek, Lukas

Notes-taker(s):


Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Introduction: reasons for user centric privacy management



Current situation: why UMA gives a better solution.



Digital identity management

Online social networking



Vendor relationship management

How to control your data





What is UMA?



A web protocol



UMA group



Introducing a new standardised solution





OAuth themes



Password anti-pattern



Access tokens





User managed access



Architecture and protocol



UMA players: user (authorizing user), host, AM (authorization manager), requester




UMA protocol steps



Trusting a token - OAuth workflow, with the host acting as an OAuth client of the AM




Endpoints

Q: Who is responsible for the trust relationship?

A: You have to trust that the host will use your AM.



Two parties host and AM establish a relation.



Scenarios:

  • Alice to Alice sharing
  • Alice to Bob sharing
  • Alice to a company sharing



Mapping transactions and transparency of the protocol



Why is avoidance of encryption a design principle?



Trusting a token - establishing a trust relationship.

Requester application getting a token.



Accessing requested resource - token validation.



Smart AM - static layout



Defining the available permissions on a resource is done by the host.



Accessing a resource through the requester
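The steps listed above (the host introduced to the AM as an OAuth client, the requester obtaining a token, the host validating that token at the AM before serving, and the host defining the available permissions), as an added in-memory model written for these notes. It is not code from the UMA spec, from UMAj or from Leeloo; the token format, the permission-check call, the host name "photos.example", the resource "vacation" and the requesters "bob" and "mallory" are all constructed assumptions, and the real protocol would carry each call over HTTPS.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthorizationManager:
    """Alice's AM: the only place her sharing policies are evaluated."""
    host_tokens: dict = field(default_factory=dict)       # host token -> host id
    resource_sets: dict = field(default_factory=dict)     # (host id, name) -> permissions
    policies: dict = field(default_factory=dict)          # (host id, name) -> {requester: perms}
    requester_tokens: dict = field(default_factory=dict)  # requester token -> requester id

    def introduce_host(self, host_id):
        """Step 1: Alice introduces a host; the AM issues it a host token (OAuth client)."""
        token = secrets.token_urlsafe(16)
        self.host_tokens[token] = host_id
        return token

    def register_resource_set(self, host_token, name, permissions):
        """The host declares which permissions exist on a resource (host token required)."""
        if host_token not in self.host_tokens:
            raise PermissionError("host has not been introduced to this AM")
        self.resource_sets[(self.host_tokens[host_token], name)] = set(permissions)

    def set_policy(self, host_id, name, requester, permissions):
        """Alice's policy: which of the host-defined permissions a requester may use."""
        available = self.resource_sets[(host_id, name)]
        if not set(permissions) <= available:
            raise ValueError("policy grants a permission the host never defined")
        self.policies.setdefault((host_id, name), {})[requester] = set(permissions)

    def issue_requester_token(self, requester):
        """Step 2: a requester (Bob, or a company) authenticates (elided) and gets a bearer token."""
        token = secrets.token_urlsafe(16)
        self.requester_tokens[token] = requester
        return token

    def check_permission(self, host_token, requester_token, name, permission):
        """Step 3: the host asks the AM whether the presented token carries the permission."""
        host_id = self.host_tokens.get(host_token)
        requester = self.requester_tokens.get(requester_token)
        if host_id is None or requester is None:   # unknown host, or forged/unknown token
            return False
        granted = self.policies.get((host_id, name), {}).get(requester, set())
        return permission in granted


@dataclass
class Host:
    """A host stores data and defines permissions, but never decides who gets them."""
    host_id: str
    am: AuthorizationManager
    host_token: str = ""
    resources: dict = field(default_factory=dict)

    def trust_am(self):
        """Step 1 from the host side: become an OAuth client of Alice's AM."""
        self.host_token = self.am.introduce_host(self.host_id)

    def add_resource(self, name, content, permissions):
        self.resources[name] = content
        self.am.register_resource_set(self.host_token, name, permissions)

    def serve(self, name, permission, requester_token):
        """Return (status, content); every access is validated at the AM, never locally."""
        if name not in self.resources:
            return 404, None
        if not self.am.check_permission(self.host_token, requester_token, name, permission):
            return 403, None
        return 200, self.resources[name]


def alice_shares_with_bob():
    """Alice-to-Bob scenario: read shared, write withheld, strangers and forged tokens refused."""
    am = AuthorizationManager()
    host = Host("photos.example", am)          # hypothetical host name (constructed)
    host.trust_am()
    host.add_resource("vacation", b"<jpeg bytes>", ["read", "write"])
    am.set_policy("photos.example", "vacation", "bob", ["read"])
    bob = am.issue_requester_token("bob")
    mallory = am.issue_requester_token("mallory")
    return {
        "bob_read": host.serve("vacation", "read", bob)[0],
        "bob_write": host.serve("vacation", "write", bob)[0],
        "mallory_read": host.serve("vacation", "read", mallory)[0],
        "forged_token": host.serve("vacation", "read", "not-a-real-token")[0],
    }


def unintroduced_host_is_refused():
    """A host that skipped step 1 cannot register resources with the AM."""
    try:
        AuthorizationManager().register_resource_set("bogus", "x", ["read"])
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(alice_shares_with_bob(), unintroduced_host_is_refused())
```

The point of the model is the split the notes keep returning to: the host holds the bytes and says which permissions exist, the AM holds Alice's policy and is the only party that says who may use them, and the requester holds nothing but a bearer token that the host cannot interpret on its own. A host that caches authorization decisions locally would silently undo that split.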





Issue of displaying permissions to the user. Circles of trust, e.g. in small
businesses. Vertical data. Low assurance for the web.



RESTful policy making in the open web. Making sure to get users on board simply and quickly.



Market: different shares for different AMs.




Architectural challenge:
separating hosting the data from authorising access to it.



A good feature is that the workflow can be triggered by users themselves. If one
user has access to, e.g., a particular folder, he or she may also be
interested in accessing other resources and asking the owner of
the data to grant access to them.



OAuth Leeloo and the UMAj framework