[WG-InfoSharing] [WG-UMA] UMA paper from the recent Rebooting Web of Trust

Mark Lizar mark at openconsent.com
Sun Oct 15 16:29:20 UTC 2017


Hi Adrian, 

I like the context ticket, which  seems to be a receipt, this is something that might be a great topic point for a joint UMA CIS call.  We have a stack of things we want to do with the consent receipt work.  In particular the use of receipt to capture the context of the transition and to auto generate the permissions/rights based operations for that context. 

A top task and priority for the work is the expansion of the use of aa receipt (not only a consent receipt) as well as the use of a receipt forrights and preferences at aggregate.  In a perfect world we  would be able to put this in the right (multi-wg output in Kantara) structure and use it for bridging work for future use cases   


Mark Lizar
CEO & Founder | Open Consent | 
Trust is the new currency and its measured in the quality of Consent 
+44 (0) 208 123 2476
Twitter @Smartopian





> On 15 Oct 2017, at 17:13, Adrian Gropper <agropper at healthurl.com> wrote:
> 
> Well, since you brought up healthcare, I’d like to share the current state of our self-sovereign technology stack as a 2:25 min. video https://youtu.be/N_3DbDZUTIg <https://youtu.be/N_3DbDZUTIg>
> 
> Notice that we’re using pre-HEART access to the institutional health record. Also notice how self-sovereign identity tech allows both credentials and auditable transactions to occur directly between individual people without any institution or federation. Behind the scenes, there’s a lot of work being done around W3C and Rebooting Web of Trust to standardize the credential handler API. 
> 
> From a person’s perspective, the credential handler and the authorization server are twins separated at birth. In healthcare, at least, federation is just a drag on innovation. UMA might do better by embracing the self-sovereign model.
> 
> Adrian
> 
> 
> 
> On Sun, Oct 15, 2017 at 9:30 AM Eve Maler <eve at xmlgrrl.com <mailto:eve at xmlgrrl.com>> wrote:
> Just wanted to mention that the profiles from the HEART WG define a mechanism for handling the sensitive data (e.g. "STD metadata") described in the use case in this paper. The slide deck <https://www.slideshare.net/xmlgrrl/health-relationship-trust-heart-working-group-22-june-2017> linked from the HEART wiki home page <http://openid.net/wg/heart/> describes it briefly (see also the links to the specs).
> 
> It works like this in the UMA case. If the RS registers a scope corresponding to a sensitivity code when it's registering a resource*, if a client brings back an RPT without that scope for the resource, then the RS has to filter (redact) any of that kind of sensitive information out of the resource before giving access to it. It doesn't necessarily mean Alice has that kind of sensitive data (being sensitive to Alice's privacy), but registering the scope is essentially a declaration of ability to filter it.
> 
> *The HEART profiles are still UMA1, of course, so it's "resource sets", but I've just provided some info to help us step up to UMA2 profiling as soon as the time is right. :)
> 
> 
> Eve Maler
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
> 
> 
> On Sat, Oct 14, 2017 at 2:01 PM, Eve Maler <eve at xmlgrrl.com <mailto:eve at xmlgrrl.com>> wrote:
> Thanks for sharing all this, Adrian!
> 
> 
> Eve Maler
> Cell +1 425.345.6756 <tel:(425)%20345-6756> | Skype: xmlgrrl | Twitter: @xmlgrrl
> 
> 
> On Sat, Oct 14, 2017 at 10:36 AM, Adrian Gropper <agropper at healthurl.com <mailto:agropper at healthurl.com>>wrote:
> The DIF http://identity.foundation <http://identity.foundation/> has a lot of sponsors you will recognize. They could be an important ally in bringing UMA to the masses.
> 
> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/identity-hubs-capabilities-perspective.pdf <https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/identity-hubs-capabilities-perspective.pdf> 
> 
> -- 
> 
> Adrian
> 
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org <mailto:WG-UMA at kantarainitiative.org>
> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma>
> 
> 
> 
> -- 
> 
> Adrian Gropper MD
> 
> PROTECT YOUR FUTURE - RESTORE Health Privacy!
> HELP us fight for the right to control personal health data.
> DONATE: https://patientprivacyrights.org/donate-3/ <https://patientprivacyrights.org/donate-3/>_______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org <mailto:WG-UMA at kantarainitiative.org>
> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20171015/f1827db7/attachment.html>


More information about the WG-InfoSharing mailing list