Thursday, June 6, 2013

User-Managed Access for Life Management Platforms

The concept of the Life Management Platform (LMP) was introduced last year in the KuppingerCole advisory note "Life Management Platforms: Control and Privacy for Personal Data".
The platform concept provides the tools to manage the essential information of every person's life and to make it usable for other parties through privacy-enhanced applications, thus meeting the privacy and security requirements.
LMP is about Personal Information Sharing, which is an emerging trend for online personal daily life activities, including interaction with financial credit, insurance, healthcare, etc.
Very similar to concepts like Personal Cloud or Personal Data Store (PDS), LMP encourages the individual to control their own data, and in some aspects it is close to the Vendor Relationship Management (VRM) vision.

The key features of this new concept include:
  • Secure store of the information
  • Granular access control for data
  • Information control remains with individual
  • Informed Pull and Controlled Push mechanisms for sharing data (see details below)
In the "Take Control of your Personal Data: An UMA perspective" blog post, I explained how the UMA protocol (also see the UMA spec) addresses the individual's privacy requirements in today's data sharing challenges, which include social networks, personal data stores, personal clouds and the emerging participatory data store.
UMA defines how an individual can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on individual policy.
For these features, I think that the UMA protocol, which is an OAuth profile, is well suited to be part of a Life Management Platform for managing privacy and security requirements. (Also see the UMA case study on "subscribing to a friend's personal cloud".)
To give you an idea of this approach, the following diagram shows a possible (high level) LMP architecture integrated with the UMA protocol.

  • The individual (the resource owner) interacts with the LMP for managing their own data.
  • The LMP acts as Resource Server for the individual's data, protected by the UMA Authorization Server (AS).
  • The UMA Authorization Server acts as the centralized policy decision point where the individual controls the authorization of data sharing and service access.
  • Clients act as data producer and data consumer respectively for the "Informed Pull" and "Controlled Push" scenarios.
Apart from secure storage of the information, which is a specific feature of the platform, the other key features could be covered by UMA features.
In LMP scenarios, an individual interacts with other parties to share life data in two specific ways:
  1. Informed Pull - the LMP consumes information from other parties (e.g. an individual issues a request for information to a group of banks to obtain the best offer for a personal loan).
  2. Controlled Push - the LMP is a producer of individual data for other parties (e.g. an individual requests access to an online insurance service to buy car insurance, providing personal information and car details).
In the Informed Pull scenario, the UMA AS is able to protect the LMP Consumer API, forcing the client to be authorized before the LMP consumes the data published by the client on behalf of a subject (e.g. a loan offer provided by a bank).

In the Controlled Push scenario, the UMA AS is able to provide control over how personal information is disseminated, and to which parties, in order to access an online service.
In this case, the authorization process starts when the client, on behalf of the requesting party (e.g. the insurance company), requests access to individual data which is stored or produced by the LMP.

The authorization process is based on the UMA Connection concept (see details about the UMA Connection concept here), by which the client must be identified and invited to negotiate the individual's access policies (which may include trusted claims, individual terms and constraints).
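To make the two scenarios concrete, here is an added example (not code from the post, nor from any UMA implementation) that simulates the UMA authorization flow in memory: the LMP acts as resource server, a toy authorization server holds the policies the individual has set, and a client acting for a requesting party must obtain a requesting-party token (RPT) by presenting a permission ticket and satisfying the owner's claim requirements. The class and method names (Policy, AuthorizationServer.authorize, the "need_info" status, the "submit" scope) and the sample data are assumptions modelled loosely on the UMA core flow, not a library API; the same mechanism serves both the Controlled Push case (an insurer reading the car profile) and the Informed Pull case (a bank submitting a loan offer that the LMP then consumes).

```python
# Toy, in-memory simulation of the UMA flow: owner policy at the AS, the LMP as
# resource server (RS), a client negotiating claims for an RPT. Added example,
# constructed data; names below are assumptions, not a real UMA library API.
import secrets
from dataclasses import dataclass


@dataclass
class Policy:
    scopes: set             # scopes the individual permits on this resource
    required_claims: dict   # claim name -> value the requesting party must assert


class AuthorizationServer:
    """Centralized policy decision point controlled by the individual."""

    def __init__(self):
        self.resources = {}   # resource_id -> Policy set by the owner
        self.tickets = {}     # permission ticket -> (resource_id, scopes)
        self.rpts = {}        # RPT -> (resource_id, scopes)

    def register_resource(self, resource_id, policy):
        self.resources[resource_id] = policy

    def register_permission(self, resource_id, scopes):
        # Called by the RS when a client arrives without a sufficient RPT.
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (resource_id, frozenset(scopes))
        return ticket

    def authorize(self, ticket, claims):
        # The client exchanges the ticket (plus any claims) for an RPT.
        if ticket not in self.tickets:
            return {"status": "invalid_ticket"}
        resource_id, scopes = self.tickets.pop(ticket)   # tickets are single-use
        policy = self.resources[resource_id]
        if not scopes <= policy.scopes:
            return {"status": "denied", "reason": "scope not permitted by owner policy"}
        missing = [k for k, v in policy.required_claims.items() if claims.get(k) != v]
        if missing:
            # Claims gathering: tell the client what the owner's policy needs and
            # hand back a fresh ticket so it can retry once it has the claims.
            return {"status": "need_info", "required_claims": missing,
                    "ticket": self.register_permission(resource_id, scopes)}
        rpt = secrets.token_urlsafe(16)
        self.rpts[rpt] = (resource_id, scopes)
        return {"status": "granted", "rpt": rpt}

    def introspect(self, rpt):
        return self.rpts.get(rpt)


class LifeManagementPlatform:
    """The LMP as UMA resource server: it never decides access by itself."""

    def __init__(self, authz):
        self.authz = authz
        self.records = {}

    def protect(self, resource_id, record, policy):
        self.records[resource_id] = record
        self.authz.register_resource(resource_id, policy)

    def request(self, resource_id, scope, rpt=None, payload=None):
        perm = self.authz.introspect(rpt) if rpt else None
        if perm and perm[0] == resource_id and scope in perm[1]:
            if scope == "submit":   # Informed Pull: the LMP consumes the client's data
                self.records[resource_id].setdefault("offers", []).append(payload)
                return {"status": 200}
            return {"status": 200, "data": self.records[resource_id]}  # Controlled Push
        # No or insufficient RPT: register the needed permission and return a ticket.
        return {"status": 401, "ticket": self.authz.register_permission(resource_id, [scope])}


def obtain_access(lmp, authz, resource_id, scope, claims, payload=None):
    """Client side: try, receive a ticket, negotiate claims, retry with the RPT."""
    reply = lmp.request(resource_id, scope)
    if reply["status"] == 200:
        return reply
    decision = authz.authorize(reply["ticket"], {})
    if decision["status"] == "need_info":
        decision = authz.authorize(decision["ticket"], claims)
    if decision["status"] != "granted":
        return decision
    return lmp.request(resource_id, scope, rpt=decision["rpt"], payload=payload)


def demo():
    authz = AuthorizationServer()
    lmp = LifeManagementPlatform(authz)
    # Constructed individual data. Controlled Push: car profile readable by insurers only.
    lmp.protect("car-profile", {"make": "Fiat", "year": 2011},
                Policy({"read"}, {"org_type": "insurer", "accepted_terms": True}))
    # Informed Pull: banks may submit loan offers into the request, and nothing else.
    lmp.protect("loan-request", {"amount": 12000}, Policy({"submit"}, {"org_type": "bank"}))
    return {
        "insurer_read": obtain_access(lmp, authz, "car-profile", "read",
                                      {"org_type": "insurer", "accepted_terms": True}),
        "marketer_read": obtain_access(lmp, authz, "car-profile", "read",
                                       {"org_type": "marketing", "accepted_terms": True}),
        "bank_submit": obtain_access(lmp, authz, "loan-request", "submit",
                                     {"org_type": "bank"}, payload={"rate": 4.9}),
        "bank_read": obtain_access(lmp, authz, "loan-request", "read", {"org_type": "bank"}),
        "offers": lmp.records["loan-request"].get("offers", []),
    }
```

Running `demo()` shows the point of the post's architecture: the LMP itself only stores records and relays tickets, every grant or refusal comes from the policy the individual set at the authorization server, a party asserting the wrong claims is left at the claims-gathering step rather than given data, and a permitted party is confined to the scope the owner allowed (the bank can submit an offer but cannot read the request).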

The following picture shows an example of a user interface where the two approaches for managing life connections and life events are visible, respectively for the Controlled Push and Informed Pull models.


Benefits of the UMA approach for LMPs:
  • Inspired by the Privacy by Design concept.
  • Built on top of the OAuth 2.0 specification.
  • Provides a centralized and granular access control system.
  • Interoperable with trusted ecosystems.
UMA Implementations
There are several active UMA implementations in different spaces of the data sharing models, including Personal Data Stores, Life Management Platforms and the enterprise level. For more details refer to the UMA Implementations page.