Skip to end of metadata
Go to start of metadata

Case Studies

This page collects case studies. If you'd like to submit your own case study, consider using the case study worksheet (PowerPoint) and sending your writeup to uma-dev@kantarainitiative.org.

For additional detail on OAuth-specific use cases, see the draft-ietf-oauth-use-cases document. For use cases related to the OASIS cloud authorization TC work, see its Context-Driven Entitlements draft. 

Case studyAuthorStatusSummary

Subscribing to a Friend's Personal Cloud

Eve MalerStablePhil Windley's conception of a personal cloud includes not only a fully distributed personal data store composed of many data sources, but also a fully distributed CloudOS that includes an authorization management function. This case study describes how an UMA authorization server can serve in this role for letting Alice subscribe to elements of Bob's cloud, and vice versa.
Management and Sharing of Personal Accessibility Needs and PreferencesKeith HazeltonStableBy and large, purveyors of online services and resources have fallen short in accommodating the accessibility requirements of many of the people they want to serve. The problem is challenging but its urgency  is undeniable. This case study suggests that UMA could address one of the core challenges: Providing users the ability to express personal accessibility needs and preferences and to control the release of subsets of that information so that online services can tailor themselves accordingly.
Secure sharing of Higher Education Achievement Reports (HEARs) at Newcastle University using SMARTMaciej MachulakStableThe very first UMA scenario accepted was “Sharing Trustworthy Personal Data with Future Employers”. This scenario overlaps greatly with the concept of Higher Education Achievement Reports (HEARs) that are planned to be introduced at Newcastle University. The HEAR is intended to provide a single comprehensive record of a learner’s achievement at a higher education institution such as Newcastle University. It will be an electronic document, which will adhere to a common structure and can be verified by the academic registrar or equivalent officer. However, HEAR leaves unspecified how such document is shared outside of the institution. The SMART Authorization Manager (SMART AM), the first UMA-compliant authorization server that allows end-users to easily compose very flexible sharing settings for their online data, has presented an opportunity to solve the HEAR challenge.
Online Personal LoanDomenico CatalanoStablePersonal information sharing is an emerging trend for online daily life activities, including interactions with financial credit institutions. This case study analyzes a specific scenario for a financial credit interaction for an online personal loan request. An individual can fill out a loan application by authorizing the release of trustworthy financial information from multiple sources.
State Health Information ExchangeAdrian GropperDraftState health information exchanges (HIEs), having adopted standardized secure (Direct) email for their providers are now drafting RFPs for patient-authorized aggregation, discovery and transfer of health records. They will seek identity management, record location and access management services that are simple, cost-effective and likely to be supported by EHR vendors either voluntarily or as a result of federal mandates. Some momentum in favor of UMA comes from the significant likelihood that OAuth will be part of EHR incentive regulations in future years.
Healthcare relationship locator serviceAdrian Gropper, Eve Maler, et al.Draft

Today the emphasis is on data aggregation; in future we assume it will switch to controlled access to distributed data instead (where sometimes data will be distributed in upstream form but aggregated in downstream form). Patients in question will have an online presence (e.g., can log in to patient portals etc.) in future. Even in cases where patients can’t control sharing of their data by others, they must retain the right and ability to monitor it. UMA can play a role in solving some problems of a Relationship Locator Service, and can aid other more complete solutions by providing common access control and authorization plumbing. (Working document is visible here.)

Sharing Among Parent GroupsThomas HardjonoInitial thoughts

A school (or school coalition) wishes to make available an resource sharing infrastructure to parents that would allow them to share their personal/family resources as well as create "digital communities" consisting of a group of parents.

Access Management 2.0 for the EnterpriseEve MalerDraftAlthough UMA's primary use cases have centered on individual people, the "users" who managed access to their own online resources, the UMA notion of authorization as a service also has relevance to modern enterprises that must secure APIs and other web resources in a developer-friendly way.
When the Resource Server and Client Are the SameEve MalerInitial thoughtsWhen multiple people need to use the same web app, meaning that the resource server and the client are the same application, there are both optimization opportunities (because of the colocated entity) and interesting use cases (for example, household accounts representing multiple people/identities).

IoT - Intelligent Refrigerated Shipping Containers

Marcelo Da CruzDraftThis case study involves a ship hauling intelligent “reefers” (refrigerated containers) and tracking environmental factors (e.g., temperature, humidity) to ensure that the contents arrive in good conditions to their destination. Ship system needs to access reefer resources for en route tracking/monitoring.
  • No labels