User-Managed Access (UMA) Intro & News

From IIW

Tuesday 3A

Convener: Eve Maler, Judith Bush

Notes-taker(s): Eve Maler

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

User-Managed Access, a Working Group of Kantara. 1.0 is released. 1.01 is in development.

  • User-Managed Access builds on OAuth
  • The concept of a person controlling access to their data and information.
  • OAuth2 has much of the UMA architecture in place.
  • UMA contributes to a relationship of trust.
  • Privacy is:
    • Context – The right moment to make the decision to share
    • Control – The ability to share just the right amount….
    • Choice – True ability to say no and to change one’s mind….
    • Respect – Regard for one’s wishes and perspectives
  • BLT – Business Legal Technical
    • BLT – Bourbon Lemon Tonic
  • Business Case of Bob, a web site operator, is in the slides
    • Privacy goals vs. reality
    • Transparency and controls
    • Aspiration vs. risk mitigation
    • Digital consent - Taking UMA from concept to reality
    • Post compliance consent tools only take us so far
  • An IAPP salary survey from two years ago identified that the Privacy Professional reports up to the Legal function in many companies, so interests are not necessarily aligned with people who are interacting with the business
  • Smart TVs – Samsung – sending voice to a third party… nuanced communications, fear….
  • UMA has a Legal subgroup now….
    • Impose a promise on embargo on data for time or a purpose of use
  • UMA is trying to make the hard way easier….
  • Proactive sharing - delegation to others use case
  • A “Share” button
  • The new Venn of access control and consent
    • OIDC
    • OAuth
    • UMA
  • Ran through an example of connecting your Fidelity account to your Tax account
    • Authorize your tax accountant to see your Fidelity account.
  • Ran through a “view my paycheck service”
    • A pending request to extend it.
  • Delegation is more important than permission
  • Once you release data, it is out there


Raw audio file of session here:

https://www.dropbox.com/s/cqyn4eczaerjrw8/Voice%20009.m4a?dl=0

Introduction to UMA page:

http://www.kantarainitiative.org/confluence/display/uma/Introduction+to+UMA

UMA Implementations page:

http://www.kantarainitiative.org/confluence/display/uma/UMA+Implementations

UMA Case Studies page:

http://www.kantarainitiative.org/confluence/display/uma/Case+Studies

UMA Developer Resources WG page:

http://www.kantarainitiative.org/confluence/display/umadev/Home

UMA V1.0.1 Public Review draft specs (review closes Monday Nov 2):

https://www.docs.kantarainitiative.org/uma/draft-uma-core-v1_0_1.html

https://www.docs.kantarainitiative.org/uma/draft-oauth-resource-reg-v1_0_1.html

Release notes for UMA V1.0.1:

http://www.kantarainitiative.org/confluence/display/uma/UMA+Release+Notes