[WG-UMA] Carlos Trigoso: introduction

Salvatore D'Agostino sal at idmachines.com
Tue Oct 23 09:08:37 EDT 2012


Susie,

 

Hope you are feeling better and look forward to the paper, sounds great,
certainly helps with UMA use case(s)

 

Keith did you "see" the #UMAedu demo last week?

 

Sal

 

 

From: wg-uma-bounces at kantarainitiative.org
[mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of
carlos.trigoso at accenture.com
Sent: Tuesday, October 23, 2012 7:10 AM
To: susan.morrow at avocosecure.com; wg-uma at kantarainitiative.org
Subject: Re: [WG-UMA] Carlos Trigoso: introduction

 

Susan,

 

Thank you for your message. Yes I remember the sessions with the DWP
security architect J

 

I like what you say regarding the value of UMA for any claims based
system/protocol. Once you publish this paper I would like to comment on it
if possible.

 

>From my current work, I still see a gap between public and private
solutions, but my prediction is that this will not be the case in the
future. In my view, if anything, citizen authentication from the beginning
was facing the challenge of the lack of a perimeter, a challenge that
national and global organisations confront now.

 

For sure, major organisations have large customer bases, but important
segments of users outside of the perimeter are not "consumers"  and actually
operate as close collaborators of the enterprise. UMA has a fantastic role
in this space.

 

Regards,

 

Carlos Trigoso

Accenture -  Security Practice

30 Fenchurch Street, London, EC3M 3BD, United Kingdom

Mobile: +44.7824896060 

Email:  <https://email.accenture.com/owa/UrlBlockedError.aspx>
carlos.trigoso at accenture.com
Blog: <http://carlos-trigoso.com/> http://carlos-trigoso.com

This message is for the designated recipient only and may contain
confidential, privileged, proprietary, or otherwise private information. If
you have received it in error, please notify the sender immediately and
delete the original. Any other use of this email by you is prohibited.
Communications with Accenture or any of its group companies ("Accenture
Group") including telephone calls and emails (including content), may be
monitored by us for the purposes of security and the assessment of internal
compliance with company policy. Accenture Group does not accept service by
e-mail of court proceedings, other processes or formal notices of any kind.
Accenture means Accenture (UK) Limited (registered number 4757301),
Accenture Services Limited (registered number 2633864), or Accenture HR
Services Limited (registered number 3957974), all registered in England and
Wales with registered addresses at 30 Fenchurch Street, London EC3M 3BD, as
the case may be. 

 

From: Susan Morrow [mailto:susan.morrow at avocosecure.com] 
Sent: 23 October 2012 10:57
To: Trigoso, Carlos; wg-uma at kantarainitiative.org
Subject: Re: [WG-UMA] Carlos Trigoso: introduction

 

Hi Carlos,

 

We met at the DWP technology WG a while back.

 

I have been involved with UMA for a while, but have had to bow out due to
ill health in recent months.

 

I agree entirely that UMA can be an important component of other protocol
bases systems such as SAML. In fact I am writing a paper at present as a
deliverable for a UK Gov, Technology Strategy Board project, that proffers
UMA as a user led policy engine component of a system that ties SAML based
identities (or in fact any claims based ID system, including OpenID Connect)
with personal data stores. 

 

The current project is nearing its end so we don't have time to actually do
an implementation, unfortunately, but this paper will suggest this is done
as a possible future extension.

 

Best

 

Susan

 

Susan Morrow

Head of R&D

Avoco Secure Ltd

@susiemorrow

 

E.  susan.morrow at avocosecure.com <mailto:gerry.obrien at avocosecure.com>  

W.  http://www.avocosecure.com <http://www.avocosecure.com/>  

 

Avoco Secure are providers of Cloud Identity, Security and Privacy
solutions.

 

Registered Office: Avoco Secure Ltd., 16 St. Martin's-le-Grand, London EC1A
4EE. Company number : 04778206 - Registered in England and Wales.

 

This email including any attachments is confidential and may be legally
privileged. This email is  intended solely for the use of the individual to
whom it is addressed. If you are not the intended recipient, be advised that
you have received this email in error, please advise the sender IMMEDIATELY
by return email and then DELETE it from your system. The unauthorised use,
distribution, dissemination, copying or alteration of this email is strictly
FORBIDDEN.

 

 

From: <carlos.trigoso at accenture.com>
Date: Tue, 23 Oct 2012 08:34:57 +0000
To: <wg-uma at kantarainitiative.org>
Subject: [WG-UMA] Carlos Trigoso: introduction

 

Hello,

 

I just joined the UMA initiative work group. As you will see from my
affiliation (I work for Accenture), I come from the technology consulting
industry. I discovered UMA through the work from Eve Maler.

 

A fundamental reason for approaching this Kantara work group is direct
experience with evolving requirements in the industry, where we see the need
to complement/extend the standard federation patterns with user-centric
capabilities.

 

My reading of the UMA papers and specifications tells me that this is the
way to go. I hope to adopt the UMA patterns, test them in my own projects
and perhaps contribute to this initiative with some interesting
implementations.

 

The goal is to investigate the viability of implementing the UMA protocol
outside of the OAuth authorisation transfer model, and also independently of
the OAuth technology itself. I know that this may sound strange but my sense
is that  UMA can and should stand alongside and complete/complement "old"
standards like SAML and XACML.

 

I hope that this makes some sense to the UMA team. 

 

Thank you and congratulations for your excellent initiative.

 

Regards,

Carlos Trigoso

Senior Manager 

Accenture -  Security Practice

30 Fenchurch Street, London, EC3M 3BD, United Kingdom

Mobile: +44.7824896060 

Email:  <https://email.accenture.com/owa/UrlBlockedError.aspx>
carlos.trigoso at accenture.com
Blog: <http://carlos-trigoso.com/> http://carlos-trigoso.com

 

 <http://carlos-trigoso.com/> This message is for the designated recipient
only and may contain confidential, privileged, proprietary, or otherwise
private information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of this email by
you is prohibited. Communications with Accenture or any of its group
companies ("Accenture Group") including telephone calls and emails
(including content), may be monitored by us for the purposes of security and
the assessment of internal compliance with company policy. Accenture Group
does not accept service by e-mail of court proceedings, other processes or
formal notices of any kind. Accenture means Accenture (UK) Limited
(registered number 4757301), Accenture Services Limited (registered number
2633864), or Accenture HR Services Limited (registered number 3957974), all
registered in England and Wales with registered addresses at 30 Fenchurch
Street, London EC3M 3BD, as the case may be. 

 <http://carlos-trigoso.com/>  

 <http://carlos-trigoso.com/> 

 <http://carlos-trigoso.com/> 
  _____  


 

 <http://carlos-trigoso.com/> This message is for the designated recipient
only and may contain privileged, proprietary, or otherwise private
information. If you have received it in error, please notify the sender
immediately and delete the original. Any other use of the e-mail by you is
prohibited.

Where allowed by local law, electronic communications with Accenture and its
affiliates, including e-mail and instant messaging (including content), may
be scanned by our systems for the purposes of information security and
assessment of internal compliance with Accenture policy.

____________________________________________________________________________
__________

www.accenture.com

 <http://www.accenture.com> _______________________________________________
WG-UMA mailing list  WG-UMA at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20121023/f2ac98ea/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6085 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-uma/attachments/20121023/f2ac98ea/attachment-0001.bin 


More information about the WG-UMA mailing list