Security Market Segment LS
Friday, 20 February 2015 10:08

UMA aims to put users back in control of their data

By

An emerging standard called UMA promises to make it easier to control who can access your data.

As vice president of innovation and emerging technology at identity relationship management vendor ForgeRock, Eve Maler (pictured) is well aware of the importance of identity management.

"Identity is at the centre of everything," she told iTWire. "Without identity you can't authorise, personalise or transact."

While some previous attempts at identity management have focussed largely on people using web browsers, the environment is changing.

Not only is browser traffic becoming a smaller percentage of the online world given mobile users' preference for apps over web pages, plus the nascent Internet of Things, but she also notes the "new savviness" among users when it comes to granting permission for data access, pointing out that the available controls are poor: you either opt in, or you opt out.

Unlike some people in the IT industry, Maler appears to have a genuine interest in privacy.

As part of her responsibility for directing ForgeRock's involvement in relevant industry standards, she leads the User Managed Access (UMA) and Health Relationship Trust (HEART) standards efforts.

The idea of UMA - which is just coming to fruition, she told iTWire - is to provide an API-based mechanism for "selective sharing" so users can allow or revoke access to their data as they wish, much as they can with Google Docs.

Even though open-source code from the OpenUMA community project has yet to be published (the public review period for the UMA V1.0 candidate specifications closes today), UMA "is getting a lot of interest" in various areas including healthcare, Maler said.

It's one thing for the user to say that certain individuals or classes of individuals may access particular pieces of data, but that can only be effective if the person seeking access can prove who they are.

Attribute-based access control - e.g., permitting access by any registered medical practitioner or some other licensed professional - is hard to do unless there is agreement about the attributes, but role-based identity providers already operate in many countries.

And UMA isn't just about people. There are some "really interesting Internet of Things implementations" that may be revealed around April this year, she said.

ForgeRock is involved because it realises that almost all consumer-facing companies have multiple apps and multiple logins, resulting in a poor user experience and poor security - though this is not simply a single-sign-on issue, Maler stressed.

Globally, customers of ForgeRock's identity and access products include Toyota Europe (for connected cars), US insurance company GEICO, and AOL.

Closer to home, the list includes Perpetual (investment services), NSW Department of Education, Vodafone NZ, Spark New Zealand (formerly Telecom New Zealand), and NZ Department of Internal Affairs.


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News

Comments