[WG-UMA] Carlos Trigoso: introduction

Dave Coxe ID DCoxe at iddataweb.com
Tue Oct 23 09:32:18 EDT 2012


Keith, Susan,

We are one of the NSTIC Pilot awardees (see attached announcement), and our pilots will be operating on an Attribute Exchange Network (AXN) web services platform that uses UMA as part of the core transaction framework. The AXN generates a federated User Managed Admin console that is only accessible to the user for managing which attributes have been (or can be) shared with participating RPs. The AXN generates what we call a Personal Data Service (PDS) that is an encrypted token where the user attributes are stored with the user's IDP or at another location of the user's choosing. The PDS is to be used by the user to manage their online account relationships via the User Managed Admin console and to simplify creating an account with another RP.

We've architected three types of PDS tokens in the AXN for user attributes, including user PII, RP-specific preference attributes, and enterprise attributes (some of these attributes may be controlled by the enterprise with which the user is affiliated). We'll be sharing results from the pilot implementation during Q1 2013.

Regards,

Dave

David Coxe, CEO
ID/DataWeb, Inc.
DCoxe at IDDataWeb.com
571-332-2740 cell
571-723-4310 office

From: wg-uma-bounces at kantarainitiative.org [mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of Keith Hazelton
Sent: Tuesday, October 23, 2012 8:29 AM
To: wg-uma at kantarainitiative.org
Cc: scalepriv-ad-hoc-tac at internet2.edu
Subject: Re: [WG-UMA] Carlos Trigoso: introduction

Susan,

I'm very interested in this hybrid architecture as well. I'm involved in the SAML-based US higher ed and research identity federation, InCommon.org, and am currently doing privacy work around the evolving NSTIC initiative in the US (http://www.idecosystem.org/). If your paper is publicly released, I would very much appreciate receiving a copy.

Thank you in advance, --Keith Hazelton
__________________
On Oct 23, 2012, at 07:00:48, Susan Morrow Avoco Secure wrote:


Absolutely couldn't agree more - I see a 'hybrid' architecture emerging which offers both the consumer and the enterprise employee all of the features they need to perform the task on hand. And yes, UMA is needed to permission the parties in a nice user controlled manner - have you read this paper on data privacy and what the consumer expects: http://www.dma.org.uk/toolkit/data-privacy-what-consumer-really-thinks

It is an interesting research point for thinking about the design of such systems and incorporating what people want in terms of control of data sharing.

And I guess this whole BYOD/BYOI will also dictate how enterprise directories, etc. are incorporated into the whole sphere.

I'll find out if the paper is allowed out to others, I think it must be and I'll send you a copy once released.

Best

Susan

From: carlos.trigoso at accenture.com [mailto:carlos.trigoso at accenture.com]
Sent: 23 October 2012 12:10
To: susan.morrow at avocosecure.com; wg-uma at kantarainitiative.org
Subject: RE: [WG-UMA] Carlos Trigoso: introduction

Susan,

Thank you for your message. Yes I remember the sessions with the DWP security architect :)

I like what you say regarding the value of UMA for any claims based system/protocol. Once you publish this paper I would like to comment on it if possible.

From my current work, I still see a gap between public and private solutions, but my prediction is that this will not be the case in the future. In my view, if anything, citizen authentication from the beginning was facing the challenge of the lack of a perimeter, a challenge that national and global organisations confront now.

For sure, major organisations have large customer bases, but important segments of users outside of the perimeter are not "consumers" and actually operate as close collaborators of the enterprise. UMA has a fantastic role in this space.

Regards,

Carlos Trigoso
Accenture - Security Practice
30 Fenchurch Street, London, EC3M 3BD, United Kingdom
Mobile: +44.7824896060
Email: carlos.trigoso at accenture.com
Blog: http://carlos-trigoso.com
This message is for the designated recipient only and may contain confidential, privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this email by you is prohibited. Communications with Accenture or any of its group companies ("Accenture Group") including telephone calls and emails (including content), may be monitored by us for the purposes of security and the assessment of internal compliance with company policy. Accenture Group does not accept service by e-mail of court proceedings, other processes or formal notices of any kind. Accenture means Accenture (UK) Limited (registered number 4757301), Accenture Services Limited (registered number 2633864), or Accenture HR Services Limited (registered number 3957974), all registered in England and Wales with registered addresses at 30 Fenchurch Street, London EC3M 3BD, as the case may be.

From: Susan Morrow [mailto:susan.morrow at avocosecure.com]
Sent: 23 October 2012 10:57
To: Trigoso, Carlos; wg-uma at kantarainitiative.org
Subject: Re: [WG-UMA] Carlos Trigoso: introduction

Hi Carlos,

We met at the DWP technology WG a while back.

I have been involved with UMA for a while, but have had to bow out due to ill health in recent months.

I agree entirely that UMA can be an important component of other protocol based systems such as SAML. In fact I am writing a paper at present as a deliverable for a UK Gov Technology Strategy Board project, that proffers UMA as a user led policy engine component of a system that ties SAML based identities (or in fact any claims based ID system, including OpenID Connect) with personal data stores.

The current project is nearing its end so we don't have time to actually do an implementation, unfortunately, but this paper will suggest this is done as a possible future extension.

Best

Susan

Susan Morrow
Head of R&D
Avoco Secure Ltd
@susiemorrow

E. susan.morrow at avocosecure.com
W. http://www.avocosecure.com

Avoco Secure are providers of Cloud Identity, Security and Privacy solutions.

Registered Office: Avoco Secure Ltd., 16 St. Martin's-le-Grand, London EC1A 4EE. Company number : 04778206 - Registered in England and Wales.

This email including any attachments is confidential and may be legally privileged. This email is intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error, please advise the sender IMMEDIATELY by return email and then DELETE it from your system. The unauthorised use, distribution, dissemination, copying or alteration of this email is strictly FORBIDDEN.


From: carlos.trigoso at accenture.com
Date: Tue, 23 Oct 2012 08:34:57 +0000
To: wg-uma at kantarainitiative.org
Subject: [WG-UMA] Carlos Trigoso: introduction

Hello,

I just joined the UMA initiative work group. As you will see from my affiliation (I work for Accenture), I come from the technology consulting industry. I discovered UMA through the work from Eve Maler.

A fundamental reason for approaching this Kantara work group is direct experience with evolving requirements in the industry, where we see the need to complement/extend the standard federation patterns with user-centric capabilities.

My reading of the UMA papers and specifications tells me that this is the way to go. I hope to adopt the UMA patterns, test them in my own projects and perhaps contribute to this initiative with some interesting implementations.

The goal is to investigate the viability of implementing the UMA protocol outside of the OAuth authorisation transfer model, and also independently of the OAuth technology itself. I know that this may sound strange but my sense is that UMA can and should stand alongside and complete/complement "old" standards like SAML and XACML.

I hope that this makes some sense to the UMA team.

Thank you and congratulations for your excellent initiative.

Regards,
Carlos Trigoso
Senior Manager
Accenture - Security Practice
30 Fenchurch Street, London, EC3M 3BD, United Kingdom
Mobile: +44.7824896060
Email: carlos.trigoso at accenture.com
Blog: http://carlos-trigoso.com

________________________________


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com
_______________________________________________
WG-UMA mailing list
WG-UMA at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSTIC Pilot Grant - 9-24-12.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 24175 bytes
Desc: NSTIC Pilot Grant - 9-24-12.docx
Url : http://kantarainitiative.org/pipermail/wg-uma/attachments/20121023/c8f5a53e/attachment-0001.bin 