IdentityCube

UMA Tweet Chat

2012-02-03T05:12:00.000-08:00

If you are interested in User-Managed Access (UMA) from a technical standpoint, including UMA spec, UMA implementations, development advice, best practices and intereroperability testing, don't miss the first-ever UMA Twitter chat on Wednesday, February 8, 2012, at 9-10am Pacific time.

The hosts will be:
Eve Maler, UMA group chair (@xmlgrrl) and
Maciej Machulak, UMA group vice-chair (@mmachulak).

The chat hashtag is #umachat. If you write in, be sure to use it! An easy way to follow along is to use TweetChat.com.

Join us!

UMA: Trust in a distributed authorization system

2012-01-03T14:00:00.000-08:00

During the last UMA WG Webinar (slides) which was focused on multiple implementation demos and UMA's OpenID Connect relationship, I had the opportunity to explain the current UMA trust model. Here are some descriptive details about this model.
Many literatures try to define the concept of trust. According to the ITU-T X.509, Section 3.3.54, trust is defined as follows: “Generally an entity can be said to ‘trust’ a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects.”
UMA trust model is built on the following implications that are based on the UMA features:

Host's Authorization decision is externalized to the Authorization Manager (AM).
There is no relationship between a Requester and the Authorization manager prior to a request for access.

Externalizing an authorization decision requires a formal registration process and consequently a delegation of protection of a resource.
Furthermore, because the AM does not know the requester directly, it has to use information from third parties who know the requester better. Normally, the AM trusts these third parties only for certain things and only to certain degrees.
These trust and delegation aspects make UMA's authorization system different from traditional access control.

The following diagram illustrates is an high level representation of the UMA Trust Model which describes the trust relationship. We use a multiple triangles representation because it's useful to represent this complex trust relationship (2 parties + one authority).

In the diagram are represented the three main aspects of the trust model: Registration, Trusted Claims and Delegation of Authority respectively related to the UMA functional model which includes: Protect, Authorize and Access (that you can see in the centered triangle).

The Registration aspect describes the Host-AM Trust Relationship, this includes technical procedures (such as private key exchange), legal agreements and policies.
On the left side, the vertex called "Accreditation system" represents a third party (e.g. Registration Authority) that we think could be involved to guarantee an adequate level of trustworthiness about the parties in case of a specific business (i.e. Healthcare, financial credit). It is not about identity exclusively.

The Trusted Claims aspect describes the AM-Requester Trust Relationship. For this specific aspect we leverage OpenID Connect specification and its levels of assurance to enable an Claim-based authorization system (see slideshare here). The SmartAM demo in the webinar showed a case of OpenID Connect-sourced trusted claims.

Last is the Delegation of Authority aspect which describes the Host-Requester Trust relationship, which is based on a delegation process, specific of the UMA protocol sequence which enables the propagation of trust.
Examples of delegation are:

The Authorizing User delegates rights of protecting its resource to the Authorization Manager.
The Host delegates rights of authorizing decision to the Authorization Manager.
The Authorization Manager delegates rights of the Requester’s proof-of claims’s to a 3rd party Claims Provider.

For more details about the expectations and responsibilities of various parties interoperating in the User-Managed Access (UMA) context, please take a look at UMA Trust Model document and the approach for Measuring Element of Trust.
See also UMA Trust and Security Implication FAQ

Privacy Control for User-Managed Access

2011-07-29T06:02:00.000-07:00

This post is about my recent work at Newcastle University as contributor on the Smart project. The study explores visualization techniques to enhance privacy control user experience for User-Managed Access (UMA) protocol, applied to SmartAM system.
The goal is to mitigate risks of lost of privacy and the exploitation of online personal data caused from user difficulty to maintain control, correlate web resources and assign privileges for specific scope in the data sharing process.
The approach (see slideshare presentation below) introduces the concepts of Connection, Control bridge and visualization tools for this purpose.

Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access

View more presentations from domcat

UMA & OpenID Connect

2011-07-18T10:53:00.000-07:00

As part of my visit at the Newcastle University, thanks to the Smart team and prof. Aad van Moorsel, last Wednesday, I had the opportunity to talk at the Computer Science Group Talk to a group of PhD students and researchers about UMA protocol and the extension to support Trusted Claims using OpenID Connect. The integration scenario (see slideshare below) shows an user interaction to get access to UMA protected resource with access restrictions based on requester's information/claims (i.e. email address, age, and gender) using OpenID Connect.
Interestingly, yesterday was released a first OpenID Connect demo w/Google. This is very useful for a further investigation about the integration approach and interfaces between UMA and OpenID Connect!

UMA Trusted Claims

View more presentations from domcat

Smart team at Newcastle University

User-Managed Access (UMA): Power to the people

2011-07-10T06:19:00.000-07:00

As contributor and member of the leadership team at Kantara UMA WG, I'm very excited for the announced release of a first draft recommendation for UMA to the IETF for consideration.

This is a fundamental milestone for the creation of a new generation of authorization system which gives data-sharing power to the people.

The approach addresses the emerging issues for data-sharing and identity in the cloud. From a security and privacy perspective, UMA protocol, which is build on top of the IETF Oauth 2.0 effort, gives the user the capabilities to control what information will be revealed, for what purpose and with which party, indipendently from where the user information are stored.

This announce happens meanwhile I'm visiting Newcastle University where I joint the Smart team for contributing on SmartAM project (another exciting challenge!!), which implements UMA specification.

The Working group will demonstrate UMA's benefits in a public webinar on Wednesday, July 13, at 9am pacific time. Join us.

You can register here.

Microsoft won't ship CardSpace 2.0

2011-02-21T12:46:00.000-08:00

Last week, at RSA Conference, Microsoft announced not to ship Windows CardSpace 2.0. This decision is very significant because Cardspace was considered one of the most interesting user-centric technologies along with OpenID.

The Windows CardSpace software enables people to maintain a set of personal digital identities that are shown to them as visual “Information Cards”. This approach mitigates phishing attacks and encourages a move away from passwords. The card approach combined with the claims-based approach also has some potential privacy benefits.

It seems that Microsoft is reconsidering the state of art of the identity landscape and the evolution of tools and cloud services and trying to focusing on claim-based identity using new approaches (see Kim Cameron's Identity weblog: From CardSpace to Verified Claims).
On the other hand, the claim-based Identity remains one of the vibrant concept to address permissioned data sharing scenarios in the cloud.

Claim-based Identity is also one of the main interest and priority of Kantara UMA WG (Trusted Claims), where we are exploring some interesting user experience and the relationship with OpenID Connect to provide a claim-based access control spec in order to restrict and personalize access to cloud services.

OAuth, UMA and the Enterprise

2010-12-01T04:23:00.000-08:00

As reported from Phil Hunt Blog, a lot of Interest on OAuth applied to Enterprise scenario have emerged at last IIW#11at Mountain View (IIW OAuth Enterprise BOF).

Starting in 2008, I have worked on the Sun internal project led by Eve Maler that formed the basis for User-Managed Access (UMA), based on OAuth, and later joined the Kantara UMA Work Group, now as Oracle employee, after Sun acquisition.

I've noted with much interest that the discussed scenarios at IIW BOF are very similar to the scenario and use case that I've proposed and then accepted from Kantara UMA WG, where I'm contributing as leadership team member.

The scenario that I've proposed is about an Online Personal loan request that is a use case in which a user apply a request for a personal loan to a financial service.

In brief, to approve or reject the loan request, the financial service must verify many pieces of user personal information from different Service Provider/host. For instance, the amount of monthly user salary (i.e. 3 last monthly salary) from user's Employer, user bank account information (account number, net) and need to access to the user credit information (credit history, score, ect.) from the Financial Risk central service.

The actors in UMA terminology:

User as Authorizing User
Financial Service as Requester
User's Employer as Host (salary information)
User Bank as Host (user account information)
Financial Risk central service as Host (user credit information)
Authorization Manager

Distinctive aspects:

The Authorizing User delegates authorization to a Requester to access to Service Providers.
A Requester that needs a collection of information from multiple sources (resource aggregation).
A high-value, privacy-sensitive transaction.
Ensuring that information about the user is third-party verified by using the third parties directly as SPs/Hosts.

Through this and other scenarios UMA WG is developing the next generation user-centric access management platform, based on OAuth 2.0 specification, but with the following key differentiators and capabilities:

Provide a Centralized Policy Decision Point functionality based on end-user policy.
Possibility to aggregate protected resources in a single basket to allow the requester to collect data from multiple resources.
Enhance control on user privacy through an analytics dashboard and auditing to control who access to what.

Furthermore, in order to address specific trust management issue that can be valuable in the Enterprise scenario, at Kantara UMA WG, we are defining an approach to extend UMA access control mechanism to support trusted Claims.

The UMA protocol supports the policy-driven ability of an AM to demand claims from a requesting party before authorization is granted. The claims may be self-asserted or third-party-asserted. In this novel approach, UMA leverages the notion of a Trust Framework (defined by the Open Identity Trust Framework (OITF) Model paper as “a set of technical, operational, and legal requirements and enforcement mechanisms for parties exchanging identity information” and sometimes called a federation).

For more details see last set of wireframes developed to explore a person-to-person data sharing scenario in which the Authorizing User wants to restrict sharing to a specific Requesting Party identity.

It is not complex extend the person-to-person data sharing scenario in a service-to-person scenario, where a Bank service, for instance, to grant access to specific resource to the customers could require specific user-managed trusted claims!!

A new blog site

2010-12-01T00:44:00.000-08:00

This is my new blog site at identitycube.blogspot.com
You can find my previous blogs at blogs.sun.com/domcat