Friday, July 29, 2011

Privacy Control for User-Managed Access

This post is about my recent work at Newcastle University as contributor on the Smart project. The study explores visualization techniques to enhance privacy control user experience for User-Managed Access (UMA) protocol, applied to SmartAM system.
The goal is to mitigate risks of lost of privacy and the exploitation of online personal data caused from user difficulty to maintain control, correlate web resources and assign privileges for specific scope in the data sharing process.
The approach (see slideshare presentation below) introduces the concepts of Connection, Control bridge and visualization tools for this purpose.

Monday, July 18, 2011

UMA & OpenID Connect

As part of my visit at the Newcastle University, thanks to the Smart team and prof. Aad van Moorsel,  last Wednesday, I had the opportunity to talk at the Computer Science Group Talk to a group of PhD students and researchers about UMA protocol and the extension to support Trusted Claims using OpenID Connect. The integration scenario (see slideshare below) shows an user interaction to get access to UMA protected resource with access restrictions based on requester's information/claims (i.e. email address, age, and gender) using OpenID Connect.
Interestingly, yesterday was released a first OpenID Connect demo w/Google. This is very useful for a further investigation about the integration approach and interfaces between UMA and OpenID Connect!
Smart team at Newcastle University

Sunday, July 10, 2011

User-Managed Access (UMA): Power to the people

As contributor and member of the leadership team at Kantara UMA WG, I'm very excited for the announced release of a first draft recommendation for UMA to the IETF for consideration.

This is a fundamental milestone for the creation of a new generation of authorization system which gives data-sharing power to the people.
The  approach addresses the emerging issues for data-sharing and identity in the cloud. From a security and privacy perspective, UMA protocol, which is build on top of the IETF Oauth 2.0 effort, gives the user the capabilities to control what information will be revealed, for what purpose and with which party, indipendently from where the user information are stored. 

This announce happens meanwhile I'm visiting Newcastle University where I joint the Smart team for contributing on SmartAM project (another exciting challenge!!), which implements UMA specification.

The Working group will demonstrate UMA's benefits in a public webinar on Wednesday, July 13, at 9am pacific time. Join us. 
You can register here.