The state of uma 2014 11-03
Upload: kantarainitiative
Category: Technology
The State of User-Managed Access, November 2014
Eve Maler, chair
@UMAWG
3 November 2014
tinyurl.com/umawg
Agenda
• Quick summary of UMA in context
• Specification progress in context
• Implementation news
• Standardization progress and next steps
• Use case domains
• Other major news items
• Thoughts on UMA contributions to the larger conversation
The new Venn of access control and consent
[Venn diagram: OpenID Connect, UMA, OAuth 2.0]
The marvelous spiral of controlled personal data/access sharing
Interoperable, RESTful authorization-as-a-service
• Has standardized APIs for privacy and “selective sharing”
• Outsources protection to a centralizable authorization server
[Diagram labels: “authz provider” (AzP); “authz relying party” (AzRP); identity provider (IdP); SSO relying party (RP)]
Specification progress in context
[Timeline figure, axis ticks 08 to 15: ProtectServe; UMA Core, Resource Set Registration; OAuth 1.0, 1.0a; WRAP; OpenID; OpenID AB/Connect; OpenID Connect; OAuth 2.0; Dynamic Client Reg…; Claims, Obs…]
Implementation news
• Interop testing has begun on the “V0.9” specs, mostly against Roland Hedberg’s suite
– Four participants, four full solutions (including an authorization server) and two partial solutions (resource server and client only)
– Several other implementations in the wings
• A few implementations in deployment
– One product for a personal data use case
– One product for several enterprise use cases
• Cross-matrix testing coming in 2015
Standardization progress and next steps
[Roadmap figure: UMA “Core” (Profile of OAuth); Resource Set Registration; Claim Profiles Framework; Binding Obligations. Timing labels: Q1-2, Q1-2, Q3-4, Q3-4?]
Use-case domains
Health
Financial
Education
Personal
Government
Media
Behavioral
Web
Mobile
API
IoT
Other major news items
• EIC award
• HEART WG
• New open-source community
UMA contributions to the larger privacy and consent conversation
• UMA authorization grants (and consent directives) as asynchronous consent
• The relationship between proactive, directed sharing and privacy-as-runtime-consent
UMA contributions to the larger access control conversation
• Opportunities for declarative policy to be the “rocket fuel” of IoT authorization
• Opportunities for UMA along with simplified XACML in the health space
• UMA extensions for full ABAC
Big thanks!
• To Kantara
• To the UMA WG
• To the implementers
• To the IRM community
Questions? Thank you!
Eve Maler, chair
@UMAWG
3 November 2014
tinyurl.com/umawg