[WG-UMA] Carlos Trigoso: introduction

carlos.trigoso at accenture.com carlos.trigoso at accenture.com
Tue Oct 23 07:10:15 EDT 2012


Susan,

Thank you for your message. Yes I remember the sessions with the DWP security architect J

I like what you say regarding the value of UMA for any claims based system/protocol. Once you publish this paper I would like to comment on it if possible.

>From my current work, I still see a gap between public and private solutions, but my prediction is that this will not be the case in the future. In my view, if anything, citizen authentication from the beginning was facing the challenge of the lack of a perimeter, a challenge that national and global organisations confront now.

For sure, major organisations have large customer bases, but important segments of users outside of the perimeter are not "consumers"  and actually operate as close collaborators of the enterprise. UMA has a fantastic role in this space.

Regards,

Carlos Trigoso
Accenture -  Security Practice
30 Fenchurch Street, London, EC3M 3BD, United Kingdom
Mobile: +44.7824896060
Email: carlos.trigoso at accenture.com<https://email.accenture.com/owa/UrlBlockedError.aspx>
Blog:http://carlos-trigoso.com<http://carlos-trigoso.com/>
This message is for the designated recipient only and may contain confidential, privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this email by you is prohibited. Communications with Accenture or any of its group companies ("Accenture Group") including telephone calls and emails (including content), may be monitored by us for the purposes of security and the assessment of internal compliance with company policy. Accenture Group does not accept service by e-mail of court proceedings, other processes or formal notices of any kind. Accenture means Accenture (UK) Limited (registered number 4757301), Accenture Services Limited (registered number 2633864), or Accenture HR Services Limited (registered number 3957974), all registered in England and Wales with registered addresses at 30 Fenchurch Street, London EC3M 3BD, as the case may be.

From: Susan Morrow [mailto:susan.morrow at avocosecure.com]
Sent: 23 October 2012 10:57
To: Trigoso, Carlos; wg-uma at kantarainitiative.org
Subject: Re: [WG-UMA] Carlos Trigoso: introduction

Hi Carlos,

We met at the DWP technology WG a while back.

I have been involved with UMA for a while, but have had to bow out due to ill health in recent months.

I agree entirely that UMA can be an important component of other protocol bases systems such as SAML. In fact I am writing a paper at present as a deliverable for a UK Gov, Technology Strategy Board project, that proffers UMA as a user led policy engine component of a system that ties SAML based identities (or in fact any claims based ID system, including OpenID Connect) with personal data stores.

The current project is nearing its end so we don't have time to actually do an implementation, unfortunately, but this paper will suggest this is done as a possible future extension.

Best

Susan

Susan Morrow
Head of R&D
Avoco Secure Ltd
@susiemorrow

E.  susan.morrow at avocosecure.com<mailto:gerry.obrien at avocosecure.com>
W.  http://www.avocosecure.com<http://www.avocosecure.com/>

Avoco Secure are providers of Cloud Identity, Security and Privacy solutions.

Registered Office: Avoco Secure Ltd., 16 St. Martin's-le-Grand, London EC1A 4EE. Company number : 04778206 - Registered in England and Wales.

This email including any attachments is confidential and may be legally privileged. This email is  intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error, please advise the sender IMMEDIATELY by return email and then DELETE it from your system. The unauthorised use, distribution, dissemination, copying or alteration of this email is strictly FORBIDDEN.


From: <carlos.trigoso at accenture.com<mailto:carlos.trigoso at accenture.com>>
Date: Tue, 23 Oct 2012 08:34:57 +0000
To: <wg-uma at kantarainitiative.org<mailto:wg-uma at kantarainitiative.org>>
Subject: [WG-UMA] Carlos Trigoso: introduction

Hello,

I just joined the UMA initiative work group. As you will see from my affiliation (I work for Accenture), I come from the technology consulting industry. I discovered UMA through the work from Eve Maler.

A fundamental reason for approaching this Kantara work group is direct experience with evolving requirements in the industry, where we see the need to complement/extend the standard federation patterns with user-centric capabilities.

My reading of the UMA papers and specifications tells me that this is the way to go. I hope to adopt the UMA patterns, test them in my own projects and perhaps contribute to this initiative with some interesting implementations.

The goal is to investigate the viability of implementing the UMA protocol outside of the OAuth authorisation transfer model, and also independently of the OAuth technology itself. I know that this may sound strange but my sense is that  UMA can and should stand alongside and complete/complement "old" standards like SAML and XACML.

I hope that this makes some sense to the UMA team.

Thank you and congratulations for your excellent initiative.

Regards,
Carlos Trigoso
Senior Manager
Accenture -  Security Practice
30 Fenchurch Street, London, EC3M 3BD, United Kingdom
Mobile: +44.7824896060
Email: carlos.trigoso at accenture.com<https://email.accenture.com/owa/UrlBlockedError.aspx>
Blog:http<http://carlos-trigoso.com/>://carlos-trigoso.com
This message is for the designated recipient only and may contain confidential, privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this email by you is prohibited. Communications with Accenture or any of its group companies ("Accenture Group") including telephone calls and emails (including content), may be monitored by us for the purposes of security and the assessment of internal compliance with company policy. Accenture Group does not accept service by e-mail of court proceedings, other processes or formal notices of any kind. Accenture means Accenture (UK) Limited (registered number 4757301), Accenture Services Limited (registered number 2633864), or Accenture HR Services Limited (registered number 3957974), all registered in England and Wales with registered addresses at 30 Fenchurch Street, London EC3M 3BD, as the case may be. <http://carlos-trigoso.com/>
 <http://carlos-trigoso.com/>
 <http://carlos-trigoso.com/>
<http://carlos-trigoso.com/>
________________________________
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com<http://carlos-trigoso.com/>
_______________________________________________ WG-UMA mailing list WG-UMA at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma <http://www.accenture.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20121023/068ee5e0/attachment-0001.html 


More information about the WG-UMA mailing list