Our website makes use of cookies like most of the websites. In order to deliver a personalised, responsive and improved experience, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. These cookies are completely safe and secure and will never contain any sensitive information. By clicking continue here, you give your consent to the use of cookies by our website.

Thursday, 30 July 2015 12:03

User managed access redefines data security

Written by 

New coalition forms to speed up the User-Managed Access (UMA) Standard to create a new solution to the problem of data security and to develop toolkits for web applications and the internet of things

Data security is without doubt one of the biggest problems cloud businesses face, but what if you didn’t have to worry about the data? What if you only borrowed the data for a short period, and control of the data and hence the security of the data belonged with the owner?  That’s the plan for user managed access (UMA) however work has been slow and so a new coalition the Kantara Initiative UMA Developer Resources Work Group (UMA Dev WG) fronted by identity management business ForgeRock has been created to speed things up.

The plan for the work group is to “accelerate developer adoption of the User-Managed Access (UMA) standard” and to create open-source UMA implementation toolkits for web applications and the Internet of Things (IoT).

UMA, actually dates back to 2009, and the current OAuth-based protocol UMA standard has already received support from major government and healthcare organisations such as the Government of New Zealand and Philips.  However with the growth in big data and the internet of things just around the corner the standard needed to move faster. For example, instead of making copies of a child’s healthcare records at the beginning of the school year and walking it into the school office where it will be “filed,” a parent could give the school access to the online record for one week at the start of the school year. Once the school confirms the child’s health status and vacci2015nations, access to the digital record can be revoked, eliminating the need to duplicate personal healthcare records and maintaining privacy. In a similar fashion, financial records can be shared with tax accountants and loan officers and healthcare records can be shared with medical specialists. With UMA, individuals can grant access to digital records on a need-to-know basis and for only an appropriate length of time.

The purpose of the new UMA Dev WG is to design and develop free and open-source software (FOSS) in several popular programming languages such as Java, C++ and Python, will make it easy to add interoperable authorisation, access control, privacy and consent features to application ecosystems as Eve Maler, ForgeRock vice president of innovation, UMA Work Group founder and chair, and convener of the new UMA Dev Work Group explains. “We’re taking the next exciting step, building free and open-source software with like-minded vendors, end-user organizations, and individual experts so we can foster truly open application ecosystems that give individuals greater control of their data.”

ForgeRock’s forthcoming addition of OpenUMA support to the ForgeRock Identity Platform is designed to help deliver “Consent 2.0” experiences to customers and citizens who are increasingly more concerned about their ability to manage their digital privacy.   


Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.



255x635 banner2-compressed