
User-Access Manager: Key to Life Management Platform

User-Access Manager: Key to Life Management Platform presentation at European Identity Conference (EIC) 2014. http://www.id-conf.com/sessions/1268

Published in: Internet, Technology

Transcript of "User-Access Manager: Key to Life Management Platform"

  1. User-Managed Access: key to Life Management Platform. Domenico Catalano, Oracle Italy; Maciej Machulak, Cloud Identity Limited. European Identity Conference 2014.
  2. Agenda: Personal Data and Emerging Trends; Life Management Platforms; UMA Concepts; Use Cases; Demo; Q&A.
  6. What is Personal Data… Personal Data is the Life Blood of the Information Age. Personal Data is the New “Oil of the Internet”. Personal Data is the new currency.
  7. Personal Data and new forms of economic and social value. [Diagram: Big Data; Explosive growth of Personal Data; New forms of economic and social value; Quantity and quality; Mobile Computing; Social Networking; Internet of Things.]
  8. How to measure the value of Personal Data: • Market capitalization • Revenue per record/user • Market Price • Cost of data breach • Pay to protect. [Chart: Street address, Date of Birth, Social Number, Military record; axis 0 to 40.] $112 per user record; USD 1.7 per record; Data breach cost $171M USD. Source: OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value”.
  9. Externalities: Socio-economic impact. • Personal data to avoid duplicative testing/misdiagnosis, etc., in healthcare. [Diagram: Electronic Health Record; Financial Benefits; Patient Value; Social Value; Improved treatment; Reduced cost; Research into new drugs, improved medical protocols.] Source: OECD (2013), “Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value”.
  10. Risks about Personal Data (Individual, Organization). “72% of European citizens are concerned that their personal data may be misused…” Individuals have little visibility into the practices of the organizations they are putting their trust in – until their data is breached or misused. EU Commission survey 2012. Risks: Loss of Trust. [Diagram: Personal Data … tension …]
  11. Challenges to mitigate Risks • Protection and Security ‣ New approaches for decentralized and distributed network environment. • Accountability ‣ Who has data about you? Where is the data about you located? • Right and Responsibility for using personal data ‣ New approaches that help individuals understand how and when data is collected. ‣ How the data is being used and the implications of these actions. ‣ Empower individual more effectively and efficiently. ‣ Context aware. Source: World Economic Forum 2013 Report: Unlocking the Value of Personal Data: From Collection to Usage.
  12. Personal Data Ecosystem. Emerging Trends: Data Lockers; Personal Data Store; Personal Clouds; Life Management Platforms. [Diagram: Native Data Store; App; App; Informed Pull; Controlled Push.]
  16. Life Management Platforms • The concept of Life Management Platforms (LMPs) was introduced in 2012 by KuppingerCole. • An LMP allows an individual to consolidate all relevant data from their life, e.g. bank account information, insurance information, health information, etc. • The platform concept provides the tools to manage the essential information of every person’s life and make it usable for other parties.
  21. Life Management Platform: Key features. [Diagram: LMP; Access; Requesting Party; Data Stores; Data Control; Informed Pull; Controlled Push; Data Sharing Policy; Individual Control; Bank; Healthcare; Home; Car.] • Secure Store of Information • Advanced Data Sharing Models • Information control remains with Individual • Granular Access Control for Data
  22. User-Managed Access (UMA). UMA defines how an individual can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on individual policy.
  23. UMA is... (tinyurl.com/umawg) • A web protocol that lets you control access by anyone to all your online stuff from one place • A set of draft specifications, free for anyone to implement • Undergoing multiple implementation efforts • A Work Group of the Kantara Initiative, free for anyone to join and contribute to • Simple, OAuth-based, identifier-agnostic, RESTful, modular, generative, and developed rapidly • Contributed to the IETF for consideration: draft-hardjono-oauth-umacore • Currently undergoing interop testing and increased OpenID Connect integration
  24. UMA Architecture. [Diagram only.]
  25. User-Managed Access for LMP. [Diagram: LMP; Access; Requesting Party; Data Stores; Data Control; Informed Pull; Controlled Push; Data Sharing Policy; Individual Control; Bank; Healthcare; Home; Car.]
  30. User-Managed Access for LMP. [Diagram: LMP; Requesting Party; Data Stores; Bank; Healthcare; Home; Car; Resource Owner; Client; UMA AS. Arrow labels: manage, consent, control, protect, authorize, negotiate, manage, access.]
  31. UMA for LMP Use Cases • Personal Loan (Informed Pull) • CV Sharing (Controlled Push)
  32. UMA for LMP Use Case: Informed Pull • An Individual issues a request for information (RFI) to a group of financial services to obtain the best offer for a personal loan. • Life Connections represent the Individual’s Personal Information requested (i.e. Bank Account and Credit Score) for issuing the RFI, protected by the UMA AS. • The LMP provides the Apps for typical Life events (i.e. Personal Loan Request).
  33. Informed Pull Model. [Diagram: LMP; Financial Service; Bank; Credit Score; Request for Information; Authorize/Access; Offer; UMA-Enabled Loan App.]
  34. UMA4LMP: Informed Pull. [Screenshot, www.uma4lmp.com/am/informed_pull: Life Management Platform; Life Connections; Request; Life Applications; Request for Information; Home; Bank; Healthcare; Car; Credit Score; Loan Application; Healthcare Insurance; “Drag request template here”.]
  37. UMA4LMP: Informed Pull. [Screenshot, www.uma4lmp.com/am/informed_pull: Life Management Platform; Life Connections; Request; Life Applications; Request for Information; Home; Bank; Healthcare; Car; Credit Score; Healthcare Insurance. Request form: Personal Information (Bank Account + Credit Score); Request Info (Loan amount, Period); Data sharing Policy: Claim-based authorization, Validity, Data Purpose, Requesting Party, Marketing related use, Only for this request. Detail panel: OnlineBank.com; Shareable Bank Account; Privacy impact: Medium; Data Access: Read; View Data. Buttons: Cancel; Run Now; Save as Template.]
  40. UMA4LMP: Informed Pull. [Screenshot, www.uma4lmp.com/am/informed_pull: the same request form (Personal Information: Bank Account + Credit Score; Request Info: Loan amount, Period; Data sharing Policy: Claim-based authorization, Validity, Data Purpose, Requesting Party, Marketing related use, Only for this request), now filled in with the values 10000 and 24. Buttons: Cancel; Run Now; Save as Template.]
  41. UMA4LMP: Informed Pull. [Screenshot, www.uma4lmp.com/am/informed_pull: Life Management Platform, Personal Loan App Results. Columns: Vendor; Amount; Interest Rates; Details. Vendors: OnlineLoan.com, Bestloan.com, FinancialOne.com, ConsumerBank.com, CreditMarket.com. Amount: 10.000 in each row. Interest rates shown, in extraction order: 6.00%, 5.30%, 5.25%, 5.1%, 6.70%. Each row has a “View details” link.]
  43. UMA for LMP Use Case: Controlled Push • A student interacts with an online job application system. • The student shares their exam marks, certificates, references, etc. • Data is stored at their various Higher Education institutions. • Employers can ask for additional information to be provided during the application process.
  44. UMA4LMP: Controlled Push. [Diagram only.]
  45. UMA4LMP: Controlled Push. [Diagram only.]
  46. UMA4LMP: Controlled Push. [Diagram: Student, Job Seeker.]
  47. UMA4LMP: Controlled Push. [Diagram: Student, Job Seeker; Employer.]
  48. DEMO
  49. Why UMA • UMA provides a new approach to protect personal information in a decentralized and distributed network. • UMA provides a new way to create a trust relationship in a distributed environment. • UMA provides a new way to control what is happening to personal data. • UMA provides a new way to help individuals understand how personal data is used.
  55. Benefits of UMA applied to LMP. [Diagram: Resource Owner; Client; Resource Server; Authorization Server; Protect; Authorize; Access (on behalf of Requesting Party).] Benefit areas: Protection and Security; Accountability; Right and Responsibility for using personal data. • The individual protects the distributed resources that collect personal data with a centralized Authorization Server. • A Policy Enforcement Point at the Resource Server intercepts any request to access personal data. • The individual takes an active part in defining how personal information will be handled in the data sharing process (Controlled Push or Informed Pull). • The individual is able to define a sharing policy stating the purposes for which personal data is shared (or collected). • The individual can selectively share personal data with the Requesting Party through a claim-based authorization system.
  56. Questions?
  57. Thank You / Acknowledgement: Eve L. Maler, UMA WG Chair, emaler@forrester.com; Thomas Hardjono, UMA WG Specification Editor, hardjono@mit.edu; Members of the UMA WG.
  58. Thanks! @UMAWG | tinyurl.com/umawg | tinyurl.com/umafaq
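
The model the slides describe (a policy enforcement point at the resource server, a central authorization server, and a data sharing policy with requesting party, claims, purpose, access scope, validity and "only for this request") can be sketched as below. This is an added illustration, not code from the presentation or the UMA specifications; class names, the `licensed_lender` claim, purpose strings and status codes are assumptions, and the sample data is constructed.

```python
# Toy model of the roles in the deck: the resource server's policy enforcement
# point (PEP) defers every request to a central authorization server (AS) that
# holds the individual's data sharing policy. Hypothetical names, not UMA wire format.
from dataclasses import dataclass, field
from datetime import date

@dataclass
class SharingPolicy:
    resource: str             # e.g. "bank_account" held at one data store
    allowed_parties: set      # requesting parties the individual named
    required_claims: dict     # claims the requesting party must present
    purpose: str              # the only purpose the data may be used for
    scopes: set               # e.g. {"read"}
    valid_until: date
    single_use: bool = False  # "Only for this request"
    used: bool = False

@dataclass
class AuthorizationServer:
    policies: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def protect(self, policy):
        self.policies[policy.resource] = policy

    def authorize(self, resource, party, claims, purpose, scope, today):
        p = self.policies.get(resource)
        if p is None:
            failures = [("no policy, deny by default", True)]
        else:
            failures = [
                ("requesting party not named in policy", party not in p.allowed_parties),
                ("required claims missing or wrong",
                 any(claims.get(k) != v for k, v in p.required_claims.items())),
                ("purpose not permitted", purpose != p.purpose),
                ("scope not granted", scope not in p.scopes),
                ("policy expired", today > p.valid_until),
                ("single-use grant already consumed", p.single_use and p.used),
            ]
        reason = next((why for why, failed in failures if failed), "ok")
        if reason == "ok":
            p.used = True  # denied attempts do not consume the grant
        # Every decision is logged, giving the individual an access record.
        self.audit_log.append((today.isoformat(), party, resource, scope, reason))
        return reason == "ok", reason

@dataclass
class ResourceServer:
    authz: AuthorizationServer
    data: dict

    def handle(self, resource, party, claims, purpose, scope, today):
        # PEP: the data is not read until the AS has said yes.
        allowed, reason = self.authz.authorize(resource, party, claims, purpose, scope, today)
        return (200, self.data.get(resource)) if allowed else (403, reason)

def demo():
    # Constructed sample data; vendor names echo the deck's mock-up screens.
    authz = AuthorizationServer()
    bank = ResourceServer(authz, {"bank_account": {"balance": 4200}})
    authz.protect(SharingPolicy("bank_account", {"OnlineLoan.com"}, {"licensed_lender": True},
                                "loan_offer", {"read"}, date(2014, 6, 30), single_use=True))
    claims, day = {"licensed_lender": True}, date(2014, 5, 15)
    attempts = [("OnlineLoan.com", "marketing", "read"), ("OnlineLoan.com", "loan_offer", "write"),
                ("CreditMarket.com", "loan_offer", "read"), ("OnlineLoan.com", "loan_offer", "read"),
                ("OnlineLoan.com", "loan_offer", "read")]
    results = [bank.handle("bank_account", who, claims, why, scope, day)
               for who, why, scope in attempts]
    return results, authz.audit_log
```

Calling `demo()` returns one `(status, body_or_reason)` pair per attempt plus the authorization server's decision log; only the fourth attempt matches the policy, and the fifth is refused because the single-use grant has been spent.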