Users in control of their data UMA

Session Topic: User-Managed Access (UMA) (T2I)

Convener: Eve, Maciek, Lukas

Notes-taker(s):

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Introduction: reasons for user centric privacy management

Current situation: why UMA gives a better solution.

 * Digital identity management
 * Online social networking
 * Vendor relationship management
 * How to control your data

What is UMA

A web protocol

UMA group

Introducing a new standardised solution

OAuth themes

Password anti-pattern

Access tokens

User managed access

Architecture and protocol

UMA players explanation: user, host, AM, requester

UMA protocol steps

Trusting a token - OAuth workflow, host acting as a client

Endpoints

Q: Who's responsible for the trust relationship?

A: You have to trust that the host will use your AM.

Two parties, host and AM, establish a relationship.

Scenarios:
 * Alice to Alice sharing
 * Alice to Bob sharing
 * Alice to a company sharing

Mapping transactions and transparency of the protocol

Why is avoidance of encryption a design principle?

Trusting a token - establishing a trust relationship. Requesting application getting a token.

Accessing requested resource - token validation.

Smart AM - static layout

Defining available permissions by host.

Accessing a resource through requester

Issue of displaying permissions. Circles of trust, e.g. in small business companies. Vertical data. Low assurance for the web.

RESTful policy making

In the open web. Making sure to get users simply and quickly.

Market: different shares for different AMs

Architectural challenge: separating hosting the data from authorising the data.

Good feature: the workflow is triggered by users themselves. If one user has access to, e.g., a particular folder, he or she may also be interested in accessing other resources and asking the owner of the data to grant them access.

OAuth Leeloo and UMAj framework