User-Managed Access (UMA) Intro & News
Tuesday 3A
Convener: Eve Maler, Judith Bush
Notes-taker(s): Eve Maler
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
User-Managed Access (UMA), a Work Group of Kantara. 1.0 is released. 1.0.1 is in development.
- User Managed Access, builds on OAuth
- The concept of a person controlling access to their data and information.
- OAuth2 has much of the UMA architecture in place.
- UMA contributes to a relationship of trust.
- Privacy is:
  - Context – The right moment to make the decision to share
  - Control – The ability to share just the right amount….
  - Choice – True ability to say no and to change one’s mind….
  - Respect – Regard for one’s wishes and perspectives
- BLT – Business Legal Technical
- BLT – Bourbon Lemon Tonic
- Business Case of Bob, a web site operator, is in the slides
- Privacy goals vs. reality
- Transparency and controls
- Aspiration vs. risk mitigation
- Digital consent - Taking UMA from concept to reality
- Post compliance consent tools only take us so far
- An IAPP salary survey from two years ago identified that the Privacy Professional reports up to the Legal function in many companies, so interests are not necessarily aligned with people who are interacting with the business
- Smart TVs – Samsung – sending voice to a third party… nuanced communications, fear….
- UMA has a Legal subgroup now….
- Impose a promise or embargo on data for a time or a purpose of use
- UMA is trying to make the hard way easier….
- Proactive sharing - delegation to others use case
- A “Share” button
- The new Venn of access control and consent
  - OIDC
  - OAuth
  - UMA
- Ran through an example of connecting your Fidelity account to your Tax account
  - Authorize your tax accountant to see your Fidelity account.
- Ran through a “view my paycheck service”
  - A pending request to extend it.
- Delegation is more important than permission
- Once you release data, it is out there
Raw audio file of session here:
https://www.dropbox.com/s/cqyn4eczaerjrw8/Voice%20009.m4a?dl=0
Introduction to UMA page:
http://www.kantarainitiative.org/confluence/display/uma/Introduction+to+UMA
UMA Implementations page:
http://www.kantarainitiative.org/confluence/display/uma/UMA+Implementations
UMA Case Studies page:
http://www.kantarainitiative.org/confluence/display/uma/Case+Studies
UMA Developer Resources WG page:
http://www.kantarainitiative.org/confluence/display/umadev/Home
UMA V1.0.1 Public Review draft specs (review closes Monday Nov 2):
https://www.docs.kantarainitiative.org/uma/draft-uma-core-v1_0_1.html
https://www.docs.kantarainitiative.org/uma/draft-oauth-resource-reg-v1_0_1.html
Release notes for UMA V1.0.1:
http://www.kantarainitiative.org/confluence/display/uma/UMA+Release+Notes