Data security is without doubt one of the biggest problems cloud businesses face, but what if you didn’t have to worry about the data? What if you only borrowed the data for a short period, and control of the data and hence the security of the data belonged with the owner? That’s the plan for user managed access (UMA) however work has been slow and so a new coalition the Kantara Initiative UMA Developer Resources Work Group (UMA Dev WG) fronted by identity management business ForgeRock has been created to speed things up.
The plan for the work group is to “accelerate developer adoption of the User-Managed Access (UMA) standard” and to create open-source UMA implementation toolkits for web applications and the Internet of Things (IoT).
UMA, actually dates back to 2009, and the current OAuth-based protocol UMA standard has already received support from major government and healthcare organisations such as the Government of New Zealand and Philips. However with the growth in big data and the internet of things just around the corner the standard needed to move faster. For example, instead of making copies of a child’s healthcare records at the beginning of the school year and walking it into the school office where it will be “filed,” a parent could give the school access to the online record for one week at the start of the school year. Once the school confirms the child’s health status and vacci2015nations, access to the digital record can be revoked, eliminating the need to duplicate personal healthcare records and maintaining privacy. In a similar fashion, financial records can be shared with tax accountants and loan officers and healthcare records can be shared with medical specialists. With UMA, individuals can grant access to digital records on a need-to-know basis and for only an appropriate length of time.
The purpose of the new UMA Dev WG is to design and develop free and open-source software (FOSS) in several popular programming languages such as Java, C++ and Python, will make it easy to add interoperable authorisation, access control, privacy and consent features to application ecosystems as Eve Maler, ForgeRock vice president of innovation, UMA Work Group founder and chair, and convener of the new UMA Dev Work Group explains. “We’re taking the next exciting step, building free and open-source software with like-minded vendors, end-user organizations, and individual experts so we can foster truly open application ecosystems that give individuals greater control of their data.”
ForgeRock’s forthcoming addition of OpenUMA support to the ForgeRock Identity Platform is designed to help deliver “Consent 2.0” experiences to customers and citizens who are increasingly more concerned about their ability to manage their digital privacy.