kantara workshop making the world safe for user managed
play

Kantara Workshop: Making the World Safe for User-Managed Access - PowerPoint PPT Presentation

Sep 27, 2022 •379 likes •985 views

Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work Group Chair 4 May 2010 1 About Kantara Initiative http://kantarainitiative.org Participation: Open global identity, web, and developer community

  1. Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work Group Chair 4 May 2010 1

  2. About Kantara Initiative http://kantarainitiative.org • Participation: Open global identity, web, and developer community of individuals and organizations, such as: • Deployers, operators, Web 2.0 service providers, eGovernment agencies, IT vendors, consumer electronics vendors • Developers and members of the open source, legal, and privacy communities • Goal: Harmonize identity community activities to help ensure secure, identity-based, online interactions • While preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments. • Work: 18 Work Groups and Discussion Groups (including UMA) and two certification oversight bodies (Assurance and Interop) 2

  3. How to participate • It’s absolutely free to participate in any group • You can also support the overall goals of the Initiative with an individual or organizational Membership • Today is a public workshop • You are invited to become an UMA WG participant (“UMAnitarian”!) to contribute actively to our work • To become a participant right now, visit kantarainitiative.org , select the User-Managed Access Group, and click on Join This Group • We operate under reciprocal royalty-free rules 3

  4. Suggested agenda for today • Introductions • UMA in a nutshell • The landscape and requirements • Scenarios, use cases, and user experiences • The UMA protocol • Policies, claims, and agreements 4

  5. Introductions 5

  6. UMA in a nutshell 6

  7. UMA is... • A web protocol that lets you control authorization of data sharing and service access made on your behalf • A Work Group of the Kantara Initiative that is free for anyone to join and contribute to • A set of draft specifications that is free for anyone to implement • Heading towards multiple implementation efforts • Going to be contributed to the IETF • Striving to be simple, OAuth-based, identifier-agnostic, RESTful, modular, generative, and developed rapidly 7

  8. The players (definitions come from core protocol spec) 8

  9. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host 8

  10. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host carries out an authorizing user's policies governing access to a protected resource 8

  11. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource 8

  12. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource seeks access to a protected resource 8

  13. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource requesting party: a web user, or a corporation (or other seeks access to a legal person), that uses a protected resource requester to seek access to a protected resource 8

  14. Some starter scenarios Authorizing User Hi, I’m Alice Adams. user agent Authorize Store TravelIt.com Keep your itineraries here Host Grant Access Authorization Protected Protect PDP PEP Manager Resource Enforce Hi, I’m Bob Baker. Access Requester Schedewl AIRPLANR 9

  15. Landscape and requirements 10

  16. 11

  17. policy decision-making privacy informational self- determination user centricity 11

  18. policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity 11

  19. volunteered personal personal datastores information policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity 11

  20. volunteered personal personal datastores information policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity intentional vs. digital footprint behaviorial data dashboard 11

  21. Provisioning data “by hand and by value” is broken 12

  22. Comparing models Classic web form model 13

  23. Comparing models Classic web form model disclose site that consumes data 13

  24. Comparing models Classic federated identity model 14

  25. Comparing models Classic federated identity model identity provider, discovery service... (authorize) disclose store consumer, service provider, relying party, attribute authority, web service consumer... web service provider... 14

  26. Comparing models OAuth-style model 15

  27. Comparing models OAuth-style model disclose store client server authorize 15

  28. Comparing models OAuth-style model disclose store authz server resource client server server authorize 15

  29. Comparing models UMA model 16

  30. Comparing models UMA model disclose store requester host contract authorize authorization manager 16

  31. Comparing models UMA model disclose store requester host contract authorize authorization manager identity provider, discovery service 16

  32. Comparing models Classic access management model 17

  33. Comparing models Classic access management model requester PEP authorize PDP, PAP, PIP policy admin 17

  34. Design principles and requirements (see also requirements doc) • Original DPs: simple; OAuth; ID-agnostic; RESTful; modular; generative; fast • Emergent DPs: cryptography; privacy; complexity; authentication; user experience • Original reqs: access relationship service; user- driven policies and terms; user management of relationship; auditing; direct access; multiple hosts • Emergent reqs: host/AM separation; resource orientation; correlation of authorizing user by multiple hosts; representation-agnostic AM 18

  35. User experiences, scenarios, and use cases 19

  36. User experiences imagined – and real • Newcastle University SMART project (presented by Maciej Machulak) • “Vision wireframes” (thanks to Domenico Catalano) 20

  37. A sampling of scenarios (see also scenarios and use cases doc) • Sharing a Calendar with Vendors (Accepted) • Packaging Resources for E-Commerce Vendors (Accepted) • Online Personal Loan request scenario (Accepted) • Distributed Services (Pending) • Managing Information in Which Employers and Employees Both Have a Stake (Pending) • Delegating Access Management to Custodians (Pending) • Moving Resources Between Hosts (Pending) • Controlling Access to Health Data (Pending) 21

  38. The protocol 22

  39. First, a little bit about OAuth get a token use a token Classic Google Code diagram 23

  40. First, a little bit about OAuth The client has already “met” the server to get unique credentials get a token use a token Classic Google Code diagram 23

  41. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- delegation use cases, there are autonomous-client use cases without this part get a token use a token Classic Google Code diagram 23

  42. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- OAuth 2.0 has delegation use cases, there are unique flows per client/ autonomous-client use cases device type, and without this part no request token get a token use a token Classic Google Code diagram 23

  43. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- OAuth 2.0 has delegation use cases, there are unique flows per client/ autonomous-client use cases device type, and without this part no request token get a token use a token Classic Google Code diagram OAuth 1.0 relies on signed messages over insecure channels; OAuth2.0 relies on (mostly short-lived) opaque bearer tokens, borne by client over SSL 23

Recommend

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed Features Email is filtered Scanned for viruses and scored for liklihood of SPAM Messages are delivered, quarantined or blocked

313 views • 10 slides
Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on every request! Authorization Making sure a user can only get to information they are supposed to see Making sure a user can only perform

801 views • 30 slides
Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future

Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future

Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future of Viral Threats If you know your enemies and know yourself, you will not be imperiled in a hundred battles; ..if you do not know your enemies

266 views • 22 slides
Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity

Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity

Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity Assurance Work Group, Chairs: John Fraser, Pete Palmer, Rick Moore * Open ID Foundation of Japan, Nat Sakimura * My Partners at eCitizen *

611 views • 33 slides
when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60

when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60

when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60 & 66) Vincent REPOUX, the creator of ARPIEM, is a race fan, and his emotions are mainly driven by sounds, colors and smells , making of him a true

322 views • 9 slides
neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services

neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services

Performance analysis of deep neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services Infrastructure Machine learning and Deep Neural Networks Machine learning works by building a network of simple

250 views • 20 slides
Is it difficult to create Intuitive user interfaces? Straight forward to do? user

Is it difficult to create Intuitive user interfaces? Straight forward to do? user

Introduction 8.10.2007 Motivation Unconventional User Interaction Design for creative use What is User Interface Engineering Technology trends User Interfaces in a Pervasive Computing World Examples LumiTouch Bed as

893 views • 10 slides
Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress

Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress

Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress 2020 Learning for Control Tutorial The Future of Automation Large prior uncertainties. Active decision making. Expect safe and high-performance

310 views • 27 slides
Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations Trust Framework Meta Model Telecommunications Identity Open Source Support Initiative Privacy Framework eGovernment Board of Trustees BCTF

322 views • 17 slides
Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line

Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line

Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.

445 views • 19 slides
Tangible User Interface Ludovic GARREAU, Nadine COUTURE LIPSI-ESTIA (biarritz), LaBRI (bordeaux)

Tangible User Interface Ludovic GARREAU, Nadine COUTURE LIPSI-ESTIA (biarritz), LaBRI (bordeaux)

TUI ESKUA Design September, 8 th Monday 2003 : Physical interaction Workshop on Real World User Interfaces Sample Context Mobile HCI Conference 2003 in Udine Study of Tangible User H uman C omputer Interface for handling I

434 views • 5 slides
Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user

Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user

Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user involvement effective in Safeguarding Adults Boards Aims of the Conference To identify the key factors that allow users to be involved in Safeguarding

643 views • 49 slides
Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making

Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making

COS 429 PS2: Reconstructing a Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making the World Simpler Simple World Assumptions: Flat surfaces that are either horizontal or vertical Objects

526 views • 17 slides
Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation

Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation

Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation Handling Educate end user on radiation and how to protect themselves. Cover the details of safe, proper analyzer operation. Provide

400 views • 23 slides
Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego,

Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego,

Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego, California Technical Workshop Editing Versioned Geodatabases : An Introduction Cheryl Cleghorn Shawn Thorne Assumptions: Basic knowledge of

971 views • 67 slides
Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe. Camping and high adventure activities within the Boy Scouts are done with the concept of managed risk within the guidelines set forth by BSA and

558 views • 33 slides
Making Medicaid and CHIP Part of a Safe & Healthy Summer May 21, 2015 3:00 PM Agenda

Making Medicaid and CHIP Part of a Safe & Healthy Summer May 21, 2015 3:00 PM Agenda

Making Medicaid and CHIP Part of a Safe & Healthy Summer May 21, 2015 3:00 PM Agenda Overview and Introductions Including Health Insurance Enrollment in Summer Food Service Programs Safe Kids Worldwide: Keeping Kids Safe and

632 views • 45 slides
Data Visualization with R Data Visualization with R Workshop Day 2 Workshop Day 2 Making maps

Data Visualization with R Data Visualization with R Workshop Day 2 Workshop Day 2 Making maps

Data Visualization with R Data Visualization with R Workshop Day 2 Workshop Day 2 Making maps Making maps Presented by Di Cook Department of Econometrics and Business Statistics 12th Nov 2020 @ Statistical Society of Australia | Zoom

669 views • 35 slides
Introducing Sterling Managed Accounts Managed Accounts Like a managed fund (and fund of funds)

Introducing Sterling Managed Accounts Managed Accounts Like a managed fund (and fund of funds)

Introducing Sterling Managed Accounts Managed Accounts Like a managed fund (and fund of funds) Managed by a professional, skilled investment team Manager invests pursuant to their mandate Yet, like a direct equity portfolio Your

542 views • 26 slides
Traditional Home Garden and Rice Agro-Ecosystems in Sri Lanka: An Integrated Managed Lanka: An

Traditional Home Garden and Rice Agro-Ecosystems in Sri Lanka: An Integrated Managed Lanka: An

Traditional Home Garden and Rice Agro-Ecosystems in Sri Lanka: An Integrated Managed Lanka: An Integrated Managed Landscape that Sustains a Rich Biodiversity Channa N.B. Bambaradeniya IUCN IUCN The World Conservation Union, The World

404 views • 13 slides
Making code thread-safe Kyle J. Knoepfel 25 June 2019 LArSoft Workshop 2019 So youre going

Making code thread-safe Kyle J. Knoepfel 25 June 2019 LArSoft Workshop 2019 So youre going

Making code thread-safe Kyle J. Knoepfel 25 June 2019 LArSoft Workshop 2019 So youre going to make your code thread-safe 2 6/25/19 Kyle J. Knoepfel | LArSoft Workshop 2019 So youre going to make your code thread-safe The

1.21k views • 61 slides
Promote use of high-quality real-world data (RWD) in decision making Underlying actions EMAs

Promote use of high-quality real-world data (RWD) in decision making Underlying actions EMAs

Promote use of high-quality real-world data (RWD) in decision making Underlying actions EMAs Regulatory Science Strategy to 2025 Human Stakeholder Workshop Chaired by Sabine Straus, PRAC, Violeta Stoyanova-Beninska, COMP on 18 November

482 views • 18 slides
Remotely managed patient care : better outcomes in less time We combine a world of new information

Remotely managed patient care : better outcomes in less time We combine a world of new information

Remotely managed patient care : better outcomes in less time We combine a world of new information from patients, devices, and apps with existing clinical data to help individuals and healthcare professionals engage and empower each other

279 views • 16 slides
INTERACT2015 W04: IFIP WG 13.2 Workshop on User Experience and User-Centered Development

INTERACT2015 W04: IFIP WG 13.2 Workshop on User Experience and User-Centered Development

Integrating Human-Centered and Model-Driven Methods in Agile UI Development INTERACT2015 W04: IFIP WG 13.2 Workshop on User Experience and User-Centered Development Processes Holger Fischer September 14th, 2015 Motivation

625 views • 9 slides

More recommend