[WG-UMA] Carlos Trigoso: introduction

Susan Morrow susan.morrow at avocosecure.com
Tue Oct 23 05:56:42 EDT 2012

Hi Carlos,

We met at the DWP technology WG a while back.

I have been involved with UMA for a while, but have had to bow out due to
ill health in recent months.

I agree entirely that UMA can be an important component of other protocol
bases systems such as SAML. In fact I am writing a paper at present as a
deliverable for a UK Gov, Technology Strategy Board project, that proffers
UMA as a user led policy engine component of a system that ties SAML based
identities (or in fact any claims based ID system, including OpenID Connect)
with personal data stores.

The current project is nearing its end so we don't have time to actually do
an implementation, unfortunately, but this paper will suggest this is done
as a possible future extension.



Susan Morrow
Head of R&D
Avoco Secure Ltd

E.  susan.morrow at avocosecure.com <mailto:gerry.obrien at avocosecure.com>
W.  http://www.avocosecure.com <http://www.avocosecure.com/>

Avoco Secure are providers of Cloud Identity, Security and Privacy

Registered Office: Avoco Secure Ltd., 16 St. Martin's-le-Grand, London EC1A
4EE. Company number : 04778206 - Registered in England and Wales.

This email including any attachments is confidential and may be legally
privileged. This email is  intended solely for the use of the individual to
whom it is addressed. If you are not the intended recipient, be advised that
you have received this email in error, please advise the sender IMMEDIATELY
by return email and then DELETE it from your system. The unauthorised use,
distribution, dissemination, copying or alteration of this email is strictly

From:  <carlos.trigoso at accenture.com>
Date:  Tue, 23 Oct 2012 08:34:57 +0000
To:  <wg-uma at kantarainitiative.org>
Subject:  [WG-UMA] Carlos Trigoso: introduction

I just joined the UMA initiative work group. As you will see from my
affiliation (I work for Accenture), I come from the technology consulting
industry. I discovered UMA through the work from Eve Maler.
A fundamental reason for approaching this Kantara work group is direct
experience with evolving requirements in the industry, where we see the need
to complement/extend the standard federation patterns with user-centric
My reading of the UMA papers and specifications tells me that this is the
way to go. I hope to adopt the UMA patterns, test them in my own projects
and perhaps contribute to this initiative with some interesting
The goal is to investigate the viability of implementing the UMA protocol
outside of the OAuth authorisation transfer model, and also independently of
the OAuth technology itself. I know that this may sound strange but my sense
is that  UMA can and should stand alongside and complete/complement ³old²
standards like SAML and XACML.
I hope that this makes some sense to the UMA team.
Thank you and congratulations for your excellent initiative.
Carlos Trigoso
Senior Manager 
Accenture -  Security Practice
30 Fenchurch Street, London, EC3M 3BD, United Kingdom
Mobile: +44.7824896060
Email: carlos.trigoso at accenture.com
Blog:http://carlos-trigoso.com <http://carlos-trigoso.com/>
This message is for the designated recipient only and may contain
confidential, privileged, proprietary, or otherwise private information. If
you have received it in error, please notify the sender immediately and
delete the original. Any other use of this email by you is prohibited.
Communications with Accenture or any of its group companies (³Accenture
Group²) including telephone calls and emails (including content), may be
monitored by us for the purposes of security and the assessment of internal
compliance with company policy. Accenture Group does not accept service by
e-mail of court proceedings, other processes or formal notices of any kind.
Accenture means Accenture (UK) Limited (registered number 4757301),
Accenture Services Limited (registered number 2633864), or Accenture HR
Services Limited (registered number 3957974), all registered in England and
Wales with registered addresses at 30 Fenchurch Street, London EC3M 3BD, as
the case may be. 

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its
affiliates, including e-mail and instant messaging (including content), may
be scanned by our systems for the purposes of information security and
assessment of internal compliance with Accenture policy.


_______________________________________________ WG-UMA mailing list
WG-UMA at kantarainitiative.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20121023/a1eded71/attachment-0001.html 

More information about the WG-UMA mailing list