Uma sec council_june_22_v4

UMA at Oracle Community for Security (Italy)


  1. Take control of your Personal Data: User-Managed Access (UMA). Domenico Catalano, 22 June 2012. (Slide footer: Wednesday, June 27, 12)
  2. Agenda: Today’s Challenges; UMA Concepts and Benefits; Use cases; SmartAM.org Project; Trust Model; Q&A
  3. Digital life: “Everything you do in life leads to a digital slime trail” (Boudreau, J. (2011, July 7). Pondering effects of the data deluge. The Los Angeles Times.)
  4. Today’s Challenges
       • Social Network
       • Emerging Personal Cloud, PDS
       • Participatory Personal data
  5. Data Sharing in the Internet. Are you in Control of your Personal Data? What do People Share online? http://iservice-europa.eu/dataprotectionreform_infographic/
  6. Emerging Personal Data Store
       • A Cloud Service for storing personal life bits
       • Under the complete control of an individual
       • Provide portability of personal data across PDS
       • Source: http://www.ftc.gov/bcp/workshops/privacyroundtables/personalDataEcosystem.pdf
  7. Participatory Personal Data
       • Participatory personal data refers to aggregation of representations of measurements collected by people, about people.
       • These data are part of a coordinated activity;
       • Captured, processed, analyzed, displayed and shared.
       • Source: Participatory Personal Data: An Emerging Research Challenge for the Information Sciences
  8. Agenda: Introduction and Business Driver; UMA Concepts and Benefits; Use cases; SmartAM.org Project; Trust Model; Q&A
  9. Privacy is not about secrecy. “The goal of a flexible, user-centric identity management infrastructure must be to allow the user to quickly determine what information will be revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be” – Ann Cavoukian, Information and Privacy Commissioner of Ontario, Privacy in the Clouds paper. It’s about context, control, choice, and respect.
  13. UMA enables you to manage sharing and protect access from a single hub
       • “I want to share this stuff selectively!” Among my own apps; with family and friends; with organizations
       • “I want to protect this stuff from being seen by everyone in the world!”
       • Kinds of data: Historical, Biographical, Reputation, Vocational, Artistic/user-generated, Social, Location/geolocation, Computational, Genealogical, Biological/health, Legal, ...
  14. UMA is...
       • A web protocol that lets you control access by anyone to all your online stuff from one place
       • A set of draft specifications, free for anyone to implement
       • Undergoing multiple implementation efforts
       • A Work Group of the Kantara Initiative, free for anyone to join and contribute to
       • Simple, OAuth-based, identifier-agnostic, RESTful, modular, generative, and developed rapidly
       • Contributed to the IETF for consideration: draft-hardjono-oauth-umacore
       • Currently undergoing interop testing and increased OpenID Connect integration
       • tinyurl.com/umawg
  18. UMA and Privacy Controls benefits
       • Subject registers the resource which is collecting the personal data with a centralized Authorization Manager.
       • This makes it possible to maintain a centralized view of what data is being collected.
       • Individuals are an active part of defining how the personal information will be handled in the data sharing process.
       • A sharing policy (or connection) defines for what purposes personal data is shared.
       • Possibility to disable or cancel any connection at any time.
       • Policy Enforcement Point at Host site makes it possible to intercept any request to access personal data.
       • Explicit User consent.
       • Trusted Claims make it possible to discriminate the Requesting Party.
  19. Maintain control on Information that will be revealed. [Figure: Human Interface study for SmartAM at Newcastle University. Labels: Prof Class University Business Friend Personal Data Collab Professional MySelf ProjectA Self-Registration MySelf]
  20. Protecting electronic health records. EHRs need high security and third-party access and dynamic introduction of parties. http://www.projecthdata.org/ [Diagram labels: Hospital Laboratory Research Partner AM Contact Center Diagnostic Healthcare Provider Patient]
  21. Agenda: Introduction and Business Driver; UMA Concepts and Benefits; Use cases; SmartAM Project; Trust Model; Q&A
  22. SmartAM Project
       • User-Managed Access in Higher Education - Project conducted at Newcastle University.
       • Reference UMA Implementation in Java.
       • Smart Authorization Manager.
       • UMA/j and PUMA (Python) framework for building UMA-enabled application.
       • To be deployed at Newcastle and integrated with UK Federation.
       • https://smartjisc.wordpress.com
  24. The SMARTAM project. The “Polish Gang of Four”...plus one. See also the SMARTAM implementation FAQ: tinyurl.com/umawg
  25. Agenda: Introduction and Business Driver; UMA Concepts and Benefits; Use cases; SmartAM.org Project; Trust Model; Q&A
  29. Trust in a distributed Authorization System
       • Build a trusted ecosystem among Individual, Service Providers and Requester services.
       • UMA Trust Model: http://tinyurl/umatrust
       • [Diagram labels: Requester (on behalf of Requesting Party), Access, Host, Authorizing User, Authorize, Protect, AM, Registration, Trusted Claims, Identity Assurance, Trustworthiness, Trust Framework, Accreditation System, ISO 29115, Trust Chain, Delegation]
  30. Thanks. Become an UMAnitarian! Thanks to Eve Maler and Maciej Machulak for their assistance.
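
The privacy controls listed on slide 18 (registration at a central Authorization Manager, a purpose-bound sharing policy or "connection" that can be cancelled, explicit consent, trusted claims, and a Policy Enforcement Point at the Host), modeled as a small in-memory sketch. This is an added example, not SmartAM, UMA/j or PUMA code, and it does not reproduce the UMA wire protocol; every class, method, field and sample value below is an assumption made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Connection:  # a sharing policy; field names are assumptions
    resource: str
    purpose: str
    required_claims: dict     # claims the Requesting Party must present
    consented: bool = False   # explicit consent of the Authorizing User
    enabled: bool = True      # the user can disable or cancel it at any time

@dataclass
class AuthorizationManager:  # central hub: one view of resources and policies
    resources: dict = field(default_factory=dict)    # resource -> host name
    connections: list = field(default_factory=list)

    def register(self, host, resource):
        self.resources[resource] = host

    def share(self, resource, purpose, required_claims):
        if resource not in self.resources:
            raise KeyError(f"{resource} was never registered")
        conn = Connection(resource, purpose, required_claims)
        self.connections.append(conn)
        return conn

    def decide(self, resource, purpose, claims):
        # Default deny: permit only on a live, consented, matching connection.
        return any(c.resource == resource and c.purpose == purpose
                   and c.enabled and c.consented
                   and all(claims.get(k) == v for k, v in c.required_claims.items())
                   for c in self.connections)

class HostPEP:  # Policy Enforcement Point: intercepts every request at the Host
    def __init__(self, am, data):
        self.am, self.data = am, data

    def get(self, resource, purpose, claims):
        ok = self.am.decide(resource, purpose, claims)
        return (200, self.data[resource]) if ok else (403, None)

def demo():
    am = AuthorizationManager()
    host = HostPEP(am, {"blood-test": "constructed sample record"})
    am.register("lab-host", "blood-test")
    conn = am.share("blood-test", "treatment", {"role": "physician"})
    conn.consented = True
    req = ("blood-test", "treatment", {"role": "physician"})
    before = host.get(*req)[0]
    conn.enabled = False                  # user cancels the connection
    return before, host.get(*req)[0]      # access stops on the next request
```

Because the Host asks the Authorization Manager on every request, cancelling a connection takes effect without touching the Host or the Requester.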
