Privacy – Preserving Accessibility Support with UMA andGPII

From IIW
Jump to: navigation, search

Session Topic:Privacy-Preserving Accessibility Support with GPII and UMA

Wednesday 2I

Convener: Keith Hazelton

Notes-taker(s): Keith Hazelton

The Global Public Inclusive Infrastructure ( is a well-funded and internationally-scoped initiative "to ensure that everyone who faces accessibility barriers due to disability, literacy, digital literacy, or aging, regardless of economic resources, can access and use the Internet and all its information, communities, and services for education, employment, daily living, civic participation, health, and safety."

GPII has adopted a solution to one of the key challenges: Coming up with an range of issues mentioned in their vision statement. ISO/IEC 24751 parts 1- 3, "Individualized adaptability and accessibility in e-learning, education and training". Also known as "Access4All". There is also a defined set of accessibility metadata that is able to express a RESOURCE'S ability to match the needs and preferences of a user. For more, see

One of the challenges to this vision is that by its very nature, the user has quite high stakes in properly controlling the release of accessibility needs and preferences information. This is a classic case where unlinkability is a requirement. I don't necessarily want health insurance companies or prospective employers to have a complete dossier on my accessibility issues.

Here's where User-Managed Access (UMA) comes in. UMA is a profile of OAuth 2.0 that allows a user to specify conditions under which their resources (in this case, their needs and preference information set) are released to relying parties.

Discussion: A pilot is under development under the auspices of the Scalable Privacy project (one of the first round NSTIC awards) using the GLUU UMA stack. Bjorn Annestad of UnboundID spoke of the OAuth 2.0 support in their products. They treat consent as a prime condition of access by an OAuth 2.0 requesting party/client.

Debbie Bucci of the HHS ONC explored the parallels between the notion of segmentation of electronic health records under active discussion in her world and the notion of context-relevant subsets of one's accessibility needs and preferences. The solutions being explored in the scalable privacy pilot of UMA for GPII are relevant models. Collaboration should ensue.

Diagrams and other materials relevant to the topics of this session are available at http://tinyurl/uma4all