User-Managed Access for Higher Education

If you are interested on data sharing challenges about security and privacy, don't miss the next UMA work group webinar. 

Next week, the 17th of October (8am PT), UMA Work Group will conduct a free public webinar to discuss and provide live demonstrations of UMA’s benefits for the higher education community and other communities where data sharing presents security and privacy challenges. 

It will be show an extensive demo of how students can manage access by a variety of prospective employers to distributed, trusted information about their educational achievements.

One UMA implementation, the SMART system developed at Newcastle University, is working to help students control the sharing of Transcripts of Records and other personal data hosted on University systems with future employers. Recently, the system was integrated with the UK Federation to provide these benefits to other British universities.

Join us!

Find webex information at http://tinyurl.com/umawg. 

Follow the group on Twitter at @UMAWG, hashtag #UMAedu for news.

UMA at Oracle Community for Security

Last week I had the opportunity to spread the word about User-Managed Access (UMA) at the Oracle Community for Security in Italy.
Oracle Community for Security is an Italian community of qualified Oracle's partners. They have the goal to provide technical and business awareness to the enterprise and for the market. Last years they contributed on interesting studies (Italian) about the "Return on Security Investiments", "Healthcare Record Management", and "Privacy on Cloud and Mobile".
Since in the community there is a convergence of interests on Privacy and Persona Data Protection, I've explained UMA's concepts and benefits in this field, starting from the today's challenges: 

• Privacy in the Social Networks, 
• The emerging of the personal cloud, Personal data store (PDS),
• The Participatory Personal Data.

All these phenomenas along with the mobile and pervasive computing are the main drivers of personal data collection, processing and data sharing, with a sensible impact for the privacy of the individuals.

This brief presentation (see slideshow below) describes these scenarios, and how UMA helps user to manage their personal data and sharing decisions.

Take Control of your Personal Data

View more presentations from Domenico Catalano

Securing Internet Payment Systems

Recently, the European Central Bank (ECB) released a report with a set of recommendations to improve the security of internet payments. The recommendations include:

• General control and security environment.
• Specific control and security measures for Internet Payments.
• Customer awareness, education and communication.

The security measures for the Internet Payments include:

• Customer identification
• Strong Customer authentication 
• Enrollment for and provision of strong authentication 
• Log-in attempts, session time-out, validity of authentication
• Transaction monitoring and authorization
• Protection of sensitive payment data

The following presentation that I've presented at the Security Summit 2012 (Rome), shows the Oracle approach for Securing Internet payment systems according to ECB recommendations. In particular, it shows an intelligent model to prevent online fraud, based on Oracle Adaptive Access Manager (OAAM), a context-aware risk analysis system. Furthermore, it includes a brief introduction to the Managed-Fraud Reduction (MFR) solution based on Oracle and British Telecom experience. 

View more presentations from Domenico Catalano

Introduzione ad UMA. Parte I

Questo è il primo di una serie di post che ha l'obiettivo d’illustrare il protocollo User-Managed Access (UMA)  e le principali esigenze che intende indirizzare.

Che cos'è UMA
UMA  è un protocollo progettato per fornire ad un utente web (Authorizing User) un punto di controllo unificato per autorizzare chi e cosa può ottenere l'accesso ai propri dati personali on-line (come attributi d'identità ), il contenuto (come foto) e servizi (come la visualizzazione e la creazione/aggiornamento di uno stato), non importa dove tutte queste informazioni risiedono sul web.

UMA permette all'utente di verificare l'idonietà della parte richiedente (Requesting Party) che riceve l'autorizzazione per l'accesso ai dati personali. Le verifiche possono includere le richieste di informazioni (ad esempio "Chi sei? oppure "hai piu' di 18 anni?") e promesse (ad esempio "Sei d'accordo sui termini di divulgazione di queste informazioni", oppure " puoi confermare che le tua privacy e le politiche di portabilità del dato corrispondono ai miei requisiti?").

La figura seguente illustra il modello architetturale di alto livello e i principali attori coinvolti nel processo autorizzativo del protocollo UMA.

Come UMA indirizza i requisiti di privacy dell’utente e di controllo dell'uso dei dati?
Le verifiche d’idonietà che l'utente potrebbe voler fare sul richiedente non possono essere risolte solo con sistemi di crittografia e protocolli web, ma è necessario fare ricorso ad accordi ed alla responsabilità delle parti.

UMA non adotta tecniche come DRM (Digital Rights Management), mediante il quale è possibile, utilizzando meccanismi crittografici, restringere l’accesso ai dati prima che i dati vengano inviati.
Più semplicemente e più convenientemente per l’utente finale, UMA pone l’attenzione, anche per una facilità di adozione, sulla visibilità dell’utente e sul controllo dell’accesso ai dati da parte di terzi.

UMA ha come obiettivo un livello minimo ragionevole di applicazione degli accordi autorizzativi, tali che se la parte richiedente va contro le promesse a cui ha aderito in fase di accesso, allora il soggetto interessato può ricorrere in giudizio.

Take Control of your Personal Data: An UMA perspective

Recently, the EU commission reviewed the Privacy Directive introducing new rules for the protection of personal data in a data sharing context. The reason is straightforward: the scale of data sharing and collections has increased spectacularly. Online services are increasing and individuals are encouraged to make personal information available publicly and globally.

Even though privacy is a complex problem with many facets - think about the new Google’s Privacy policy, which provide for combination of personal data across different services, and the concern for the compliance with European data protection legislation - there isn't an easy way to address these problems without a legal framework and respect for the individual.

Nevertheless, state of art technology can help individuals to reduce the risk of losing control of their personal data, empowering the user to control personal data distributed among service providers, using a centralized authorization service.

At the Kantara User-Managed Access (UMA) Work Group, headed by Eve Maler, we are developing specs that let an individual control the authorization of data sharing and service access made between online services on the individual's behalf.

UMA is designed with Privacy in mind, with the goal to address the concept of Privacy by Design. UMA is inspired by the paradigm:

"The goal of a flexible, user-centric identity management infrastructure must be to allow the  user to quickly determine what information will be revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be" - Ann Cavoukian, Information and Privacy Commissioner of Ontario (Privacy in the clouds). 

This approach helps to reduce sensibly the difficulties for individuals to stay in control of their personal data.

A typical scenario involves online registration for websites to allow an individual to access its online service. This scenario may involve an host where the individual stores the personal data, a requester, which is the website that provides the service and the Authorization Manager which provides the authorization decision on behalf of the individual.

Let me explain how this scenario matches the privacy paradigm in the UMA perspective:

What data will be revealed
Individuals can control what data will be revealed because they are involved in the protocol. First, the Subject must register the resource which is collecting the personal data with a centralized Authorization Manager. This allows individuals to maintain a centralized view of what data is being collected.

UMA goes beyond just informing people what will happen if something is shared; it lets them activily control sharing.

For what purpose
Individuals are an active part of defining the how the personal information will be handled in the data sharing process. With UMA’s centralized Authorization Manager, the Subject is able to define sharing policy (a connection), for what purposes the personal data is shared (or collected) and maintaining of control of it, including the possibility of canceling and disabling connection with service providers (Requester) at any time.

With which parties
Any attempts to access to personal data by any party (Requester), will be intercepted by a policy enforcement point (at the local service provider) and to alert the Authorization Manager, which is in charge of taking an authorization decision. In this specific scenario, the Authorization Manager interacts with the subject for requesting consent to grant the access to the own personal data.

The following picture shows an individual online consent request based on UMA User Experience study applied to a mobile context.

The Role of data Visualization
Visualization plays a fundamental role in creating an abstraction layer for controlling distributed personal data. Last summer, I had the opportunity to visit the Newcastle University for 4 weeks on the SmartAM project, which is implementing UMA spec, with the goal of studing and contributing to human interface aspects.

As a result of this study, we introduced two main concepts to enhance the level of control of personal data. First is the connection which defines the context of a data sharing policy. In other words, it’s a visualization technique that help the individual to define and determine what data will be revealed for what purpose, so it defines an appropriate context. The second one is an analytics feature which helps to maintain control of information which is revealed.

The picture below shows an example of how the individual would see all of the connections for own Personal data. In the middle of the example, “Personal Data” is shown in different contexts (i.e. Professional, University, Collab, etc.), each context includes Requester (MySelf, Person, Groups, ect.), which have access to the data and Applications which have access on behalf of the requester.

Building Trust
One of the most important and complex aspects for economic development and for encouraging individuals to adopt distributed authorization system is to build a trusted eco-system among Individual, Service Providers and Requester services. UMA WG is also defining a Trust Model in order to provide baselines to build technical and business Trust. At this link you can read a blog post that presents a brief introduction of the model.

UMA Tweet Chat

If you are interested in User-Managed Access (UMA) from a technical standpoint, including UMA spec, UMA implementations, development advice, best practices and intereroperability testing, don't miss the first-ever UMA Twitter chat on Wednesday, February 8, 2012, at 9-10am Pacific time.

The hosts will be:
Eve Maler, UMA group chair (@xmlgrrl) and
Maciej Machulak, UMA group vice-chair (@mmachulak).

The chat hashtag is #umachat. If you write in, be sure to use it! An easy way to follow along is to use TweetChat.com.

Join us!

UMA: Trust in a distributed authorization system

During the last UMA WG Webinar (slides) which was focused on multiple implementation demos and UMA's OpenID Connect relationship, I had the opportunity to explain the current UMA trust model. Here are some descriptive details about this model.
Many literatures try to define the concept of trust. According to the ITU-T X.509, Section 3.3.54, trust is defined as follows: “Generally an entity can be said to ‘trust’ a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects.”
UMA trust model is built on the following implications that are based on the UMA features:

• Host's Authorization decision is externalized to the Authorization Manager (AM).
• There is no relationship between a Requester and the Authorization manager prior to a request for access. 

Externalizing an authorization decision requires a formal registration process and consequently a delegation of protection of a resource.
Furthermore, because the AM does not know the requester directly, it has to use information from third parties who know the requester better. Normally, the AM trusts these third parties only for certain things and only to certain degrees.
These trust and delegation aspects make UMA's authorization system different from traditional access control.

The following diagram illustrates is an high level representation of the UMA Trust Model which describes the trust relationship. We use a multiple triangles representation because it's useful to represent this complex  trust relationship (2 parties + one authority).

In the diagram are represented the three main aspects of the trust model: Registration, Trusted Claims and Delegation of Authority respectively related to the UMA functional model which includes: Protect, Authorize and Access (that you can see in the centered triangle). 

The Registration aspect describes the Host-AM Trust Relationship, this includes technical procedures (such as private key exchange), legal agreements and policies.
On the left side, the vertex called "Accreditation system" represents a third party (e.g. Registration Authority) that we think could be involved to guarantee an adequate level of trustworthiness about the parties in case of a specific business (i.e. Healthcare, financial credit). It is not about identity exclusively.

The Trusted Claims aspect describes the AM-Requester Trust Relationship. For this specific aspect we leverage OpenID Connect specification and its levels of assurance to enable an Claim-based authorization system (see slideshare here). The SmartAM demo in the webinar showed a case of OpenID Connect-sourced trusted claims.

Last is the Delegation of Authority aspect which describes the Host-Requester Trust relationship, which is based on a delegation process, specific of the UMA protocol sequence which enables the propagation of trust.
Examples of delegation are:

• The Authorizing User delegates rights of protecting its resource to the Authorization Manager.
• The Host delegates rights of authorizing decision to the Authorization Manager. 
• The Authorization Manager delegates rights of the Requester’s proof-of claims’s to a 3rd party Claims Provider.

For more details about the expectations and responsibilities of various parties interoperating in the User-Managed Access (UMA) context, please take a look at UMA Trust Model document and the approach for Measuring Element of Trust.
See also UMA Trust and Security Implication FAQ