User-Managed Access

From IIW

Convener: Eve Maler

Notes-taker: Jeff Stollman

Tags: UMA, Kantara Initiative, user-managed access work group

Discussion notes:

Goal is to create support for user-permissioned data sharing.

Three domains, IDM, VRM, and Social Web 2.0, have a desire to share data to make life better.

Avoid a digital shadow (data that gets out about you that you don’t want out there). For example, data that is stolen and used for identity theft.

Three elements:

Host (site that hosts a person’s data; a user can have many hosts for different data or the same data)

Requesters (sites that want your data). E.g., a requester may be someone who wants to access your calendar feed to keep updated access to your calendar. The requester might be you, someone else, or a company.

Authorization Manager (broker agent that manages the transaction between Host and Requester. Serves as Policy Decision Point and Policy Access Point. Enforces terms and conditions, not just policies.)

Benefit to user: You can set something once and it will persist. It will also provide auditability of whom you have authorized and what transactions have taken place. has lots more data on what has been documented. Go to groups and select “User Managed Access.”

Nat: his research shows 2% remember everything that they authorize; 50% remember only the first few authorizations.

Paul Bryan gave a detailed walk-through of a generic scenario. Detailed scenarios are documented on the Kantara Initiative site. Provides claims-based negotiation between the Requester and the Authorization Manager.

ID Report gets verified identity of both parties to support a transaction.

Eve's Notes

Convener: Eve Maler

Notes-taker: Eve Maler

Tags: #UMA #UMAF2F #identity #privacy #policy

Discussion notes:

We reviewed the basic proposition of User-Managed Access as captured by the ongoing work of the Kantara Initiative’s UMA Work Group. The WG held a F2F meeting yesterday, and we also reported on the very latest protocol design decisions and got feedback on them.

We invite interested people to join the group and contribute; it’s free to join. Just visit the UMA site for the group participation form, background materials, requirements and use cases documents, and fledgling spec text.