Thursday, March 8, 2012

Take Control of your Personal Data: An UMA perspective

Recently, the EU Commission reviewed the Privacy Directive, introducing new rules for the protection of personal data in a data-sharing context. The reason is straightforward: the scale of data sharing and collection has increased spectacularly. Online services are multiplying, and individuals are encouraged to make personal information available publicly and globally.

Privacy is a complex problem with many facets (think of Google's new privacy policy, which provides for combining personal data across different services, and the concern about its compliance with European data protection legislation), and there is no easy way to address these problems without a legal framework and respect for the individual.

Nevertheless, state-of-the-art technology can help individuals reduce the risk of losing control of their personal data: a centralized authorization service can empower the user to control personal data that is distributed among service providers.

At the Kantara User-Managed Access (UMA) Work Group, headed by Eve Maler, we are developing specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf.

UMA is designed with privacy in mind, with the goal of realizing the concept of Privacy by Design. UMA is inspired by the following paradigm:
"The goal of a flexible, user-centric identity management infrastructure must be to allow the user to quickly determine what information will be revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be" - Ann Cavoukian, Information and Privacy Commissioner of Ontario (Privacy in the Clouds).

This approach noticeably reduces the difficulty individuals face in staying in control of their personal data.
A typical scenario is online registration at a website so that an individual can access its online service. This scenario involves a host, where the individual stores the personal data; a requester, which is the website that provides the service; and the Authorization Manager, which makes the authorization decision on behalf of the individual.

Let me explain how this scenario matches the privacy paradigm in the UMA perspective:

What data will be revealed
Individuals can control what data will be revealed because they are involved in the protocol. First, the Subject must register the resource that collects the personal data with a centralized Authorization Manager. This allows individuals to maintain a centralized view of what data is being collected.

UMA goes beyond just informing people what will happen if something is shared; it lets them actively control sharing.

For what purpose
Individuals take an active part in defining how their personal information will be handled in the data-sharing process. With UMA's centralized Authorization Manager, the Subject can define a sharing policy (a connection) stating for what purposes the personal data is shared (or collected), and retains control of it, including the possibility of cancelling or disabling the connection with a service provider (Requester) at any time.

With which parties
Any attempt by any party (Requester) to access personal data is intercepted by a policy enforcement point at the local service provider, which alerts the Authorization Manager; the Authorization Manager is in charge of making the authorization decision. In this specific scenario, the Authorization Manager interacts with the Subject to request consent before granting access to the Subject's own personal data.

The following picture shows an individual online consent request, based on the UMA User Experience study, applied to a mobile context.

The Role of Data Visualization
Visualization plays a fundamental role in creating an abstraction layer for controlling distributed personal data. Last summer, I had the opportunity to visit Newcastle University for 4 weeks on the SmartAM project, which is implementing the UMA spec, with the goal of studying and contributing to human interface aspects.

As a result of this study, we introduced two main concepts to enhance the level of control over personal data. The first is the connection, which defines the context of a data-sharing policy. In other words, it is a visualization technique that helps the individual define and determine what data will be revealed for what purpose, so it establishes an appropriate context. The second is an analytics feature that helps the individual keep track of which information has been revealed.

The picture below shows an example of how the individual would see all of the connections for their own personal data. In the middle of the example, "Personal Data" is shown in different contexts (e.g. Professional, University, Collab, etc.); each context includes the Requesters (MySelf, Person, Groups, etc.) that have access to the data and the Applications that have access on behalf of the requester.
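To make the host / Requester / Authorization Manager roles and the connection concept concrete, here is an added example in Python. It is my own toy model, not code from the UMA spec, the Kantara WG or the SmartAM project: all class and method names (AuthorizationManager, Host, Connection, decide, revoke, connections_for) are assumptions, and the subject, requester, resource and purpose values are constructed sample data. It shows the policy enforcement point at the host referring every access attempt to the Authorization Manager, the Authorization Manager asking the Subject for consent when no connection exists, a connection being limited to its stated purpose, revocation of a connection, and the analytics log and connections view that the two visualization concepts above are built on.

```python
"""Toy model of the UMA flow described above (added example; names are assumptions)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# How the Authorization Manager reaches the Subject: (subject, requester, resource, purpose) -> consent?
ConsentPrompt = Callable[[str, str, str, str], bool]


@dataclass
class Connection:
    """A sharing policy: which requester may access which resource, and for what purpose."""
    subject: str
    requester: str
    resource: str
    purpose: str
    active: bool = True


@dataclass
class AccessRecord:
    """One entry of the analytics log: every access attempt and its outcome."""
    requester: str
    resource: str
    purpose: str
    decision: str


class AuthorizationManager:
    def __init__(self, consent_prompt: ConsentPrompt) -> None:
        self.registered: Dict[str, str] = {}      # resource -> subject who owns it
        self.connections: List[Connection] = []
        self.log: List[AccessRecord] = []
        self.consent_prompt = consent_prompt

    def register_resource(self, subject: str, resource: str) -> None:
        """Step 1: the Subject registers the resource, gaining a central view of it."""
        self.registered[resource] = subject

    def find_connection(self, requester: str, resource: str) -> Optional[Connection]:
        return next((c for c in self.connections
                     if c.requester == requester and c.resource == resource), None)

    def decide(self, requester: str, resource: str, purpose: str) -> bool:
        """Authorization decision taken on the Subject's behalf; every attempt is logged."""
        subject = self.registered.get(resource)
        if subject is None:
            return self._record(requester, resource, purpose, "denied: unregistered resource")
        conn = self.find_connection(requester, resource)
        if conn is None:
            # No policy yet: interact with the Subject and ask for consent.
            if not self.consent_prompt(subject, requester, resource, purpose):
                return self._record(requester, resource, purpose, "denied: consent refused")
            conn = Connection(subject, requester, resource, purpose)
            self.connections.append(conn)
        if not conn.active:
            return self._record(requester, resource, purpose, "denied: connection revoked")
        if conn.purpose != purpose:
            return self._record(requester, resource, purpose, "denied: purpose not covered by connection")
        return self._record(requester, resource, purpose, "permitted")

    def revoke(self, subject: str, requester: str, resource: str) -> bool:
        """The Subject disables a connection at any time; only the owner may do so."""
        conn = self.find_connection(requester, resource)
        if conn is None or conn.subject != subject:
            return False
        conn.active = False
        return True

    def connections_for(self, subject: str) -> List[Tuple[str, str, str, bool]]:
        """Data behind the 'all my connections' view: (requester, resource, purpose, active)."""
        return [(c.requester, c.resource, c.purpose, c.active)
                for c in self.connections if c.subject == subject]

    def _record(self, requester: str, resource: str, purpose: str, decision: str) -> bool:
        self.log.append(AccessRecord(requester, resource, purpose, decision))
        return decision == "permitted"


class Host:
    """Service provider storing the personal data; read() is its policy enforcement point."""
    def __init__(self, am: AuthorizationManager) -> None:
        self.am = am
        self.store: Dict[str, dict] = {}

    def store_personal_data(self, resource: str, data: dict) -> None:
        self.store[resource] = data

    def read(self, requester: str, resource: str, purpose: str) -> Optional[dict]:
        # Intercept the attempt and defer the decision to the Authorization Manager.
        if not self.am.decide(requester, resource, purpose):
            return None
        return self.store.get(resource)


def run_scenario() -> dict:
    """Constructed walk-through of the website-registration scenario."""
    def alice_consents(subject: str, requester: str, resource: str, purpose: str) -> bool:
        return purpose == "account registration"   # the Subject's answer to the consent prompt

    am = AuthorizationManager(alice_consents)
    host = Host(am)
    host.store_personal_data("alice/profile", {"name": "Alice", "email": "alice@example.invalid"})
    am.register_resource("alice", "alice/profile")

    out = {}
    out["registration"] = host.read("shop.example", "alice/profile", "account registration")
    out["marketing"] = host.read("shop.example", "alice/profile", "marketing")   # other purpose
    out["unknown_requester"] = host.read("ads.example", "alice/profile", "marketing")
    out["revoked"] = am.revoke("alice", "shop.example", "alice/profile")
    out["after_revoke"] = host.read("shop.example", "alice/profile", "account registration")
    out["decisions"] = [r.decision for r in am.log]
    out["view"] = am.connections_for("alice")
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the toy is the shape of the control flow rather than any wire format: the host never decides on its own, a connection created from one consent covers only the purpose the Subject agreed to, and both the log and the connections view are derived from the same central state, which is what gives the individual the single place to look that the post argues for.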

Building Trust
One of the most important and complex aspects, both for economic development and for encouraging individuals to adopt a distributed authorization system, is building a trusted ecosystem among Individuals, Service Providers and Requester services. The UMA WG is also defining a Trust Model in order to provide baselines for building technical and business trust. At this link you can read a blog post that gives a brief introduction to the model.