User-Access Manager: Key to Life Management Platform presentation at European Identity Conference (EIC) 2014. http://www.id-conf.com/sessions/1268

1. User-Managed Access: key to
Life Management Platform
Domenico Catalano, Oracle Italy
Maciej Machulak, Cloud Identity Limited
European Identity Conference 2014
1

2. Agenda
Personal Data and EmergingTrends
Life Management Platforms
UMA Concepts
Use Cases
Demo
Q&A
2

3. 3
What is Personal Data…

4. Personal Data is the Life Blood of
the Information Age
3
What is Personal Data…

5. Personal Data is the Life Blood of
the Information Age
3
Personal Data is the New “Oil of
the Internet”
What is Personal Data…

6. Personal Data is the Life Blood of
the Information Age
3
Personal Data is the New “Oil of
the Internet”
Personal Data is the new currency
What is Personal Data…

7. Personal Data and new forms of
economic and social value
4
Big Data
Explosive growth
of Personal
Data
New forms
of economic
and social
value
Quantity and quality
Mobile
Computing
Social
Networking
Internet of
THINGS

8. How to measure the value of
Personal Data
•Market capitalization
•Revenue per record/user
•Market Price
•Cost of data breach
•Pay to protect
5
Streat address
Data of Birth
Social Number
Military record
0 10 20 30 40
Source: OECD (2013),“Exploring the Economics of Personal Data:A Survey of Methodologies for Measuring MonetaryValue”
$112 per user record
USD 1.7 per record
Data breach cost $171M
USD

9. Externalities: Socio-economic
impact
•Personal data to avoid duplicative testing/
misdiagnosis, etc., in healthcare.
6
Electronic Health Record
Financial BenefitsPatientValue SocialValue
Improved treatment Reduced Cost research into new drugs,
improved medical protocols
Source: OECD (2013),“Exploring the Economics of Personal Data:A Survey of Methodologies for Measuring MonetaryValue”

10. Risks about Personal Data
7
Individual Organization
“72% of European citizens are concerned that their personal data may be misused…”
Individuals have little visibility into the practices of the organizations they are putting
their trust in – until their data is breached or misused.
EU commission survey 2012
Risks: Loss of Trust
Personal Data
…t e n s i o n…

11. Challenges to mitigate Risks
• Protection and Security
‣ New approaches for decentralized and distributed network environment.
• Accountability
‣ Who has data about you? Where is the data about you located?
• Right and Responsibility for using personal data
‣ New approaches that help individuals understand how and when data is
collected.
‣ How the data is being used and the implications of these actions.
‣ Empower individual more effectively and efficiently.
‣ Context aware.
8
Source:World Economic Forum 2013 Report: Unlocking theValue of Personal Data: From Collection to Usage

12. Personal Data Ecosystem
Emerging Trends: Data Lockers
9
Personal
Data Store
Personal Clouds
Life Management Platforms
Native Data Store
App App
Informed
Pull
Controlled
Push

13. Life Management Platforms
10

14. Life Management Platforms
•The concept of Life Management Platforms
(LMPs) was introduced in 2012 by Kuppinger-
Cole.
10

15. Life Management Platforms
•The concept of Life Management Platforms
(LMPs) was introduced in 2012 by Kuppinger-
Cole.
•LMP allows individual to consolidate all relevant
data from life, e.g. bank account information,
insurance information, health information, etc.
10

16. Life Management Platforms
•The concept of Life Management Platforms
(LMPs) was introduced in 2012 by Kuppinger-
Cole.
•LMP allows individual to consolidate all relevant
data from life, e.g. bank account information,
insurance information, health information, etc.
•The platform concept provides the tools to
manage the essential information of every
person’s life and making it usable for other
parties.
10

17. Life Management Platform: Key
features
11
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car

18. Life Management Platform: Key
features
11
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car
Secure Store
of Information

19. Life Management Platform: Key
features
11
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car
Secure Store
of Information
Information control
remains with
Individual

20. Life Management Platform: Key
features
11
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car
Secure Store
of Information
Information control
remains with
Individual
Granular Access Control
for Data

21. Life Management Platform: Key
features
11
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car
Secure Store
of Information
Advanced
Data Sharing
Models
Information control
remains with
Individual
Granular Access Control
for Data

22. User-Managed Access (UMA)
UMA defines how an individual can control
protected-resource access by clients operated by
arbitrary requesting parties, where the resources
reside on any number of resource servers, and
where a centralized authorization server governs
access based on individual policy.
12

23. tinyurl.com/umawg
UMA is...
• A web protocol that lets you control access by anyone to
all your online stuff from one place
• A set of draft specifications, free for anyone to implement
• Undergoing multiple implementation efforts
• A Work Group of the Kantara Initiative, free for anyone to
join and contribute to
• Simple, OAuth-based, identifier-agnostic, RESTful, modular,
generative, and developed rapidly
• Contributed to the IETF for consideration:
draft-hardjono-oauth-umacore
• Currently undergoing interop testing and increased
OpenID Connect integration
13

24. UMA Architecture
14

25. User-Managed Access for LMP
15
AccessLMP
Requesting
Party
Data
Stores
Data
Control
Informed Pull
Controlled Push
Data Sharing
Policy
Individual
ControlBank
healthcare
Home
Car

26. User-Managed Access for LMP
15
LMP Requesting
Party
Data
Stores
Bank
healthcare
Home
Car

27. User-Managed Access for LMP
15
LMP Requesting
Party
Data
Stores
Bank
healthcare
Home
Car
Resource
Owner
Client
UMA AS

28. User-Managed Access for LMP
15
LMP Requesting
Party
Data
Stores
Bank
healthcare
Home
Car
Resource
Owner
Client
manage
control
protect UMA AS

29. User-Managed Access for LMP
15
LMP Requesting
Party
Data
Stores
Bank
healthcare
Home
Car
Resource
Owner
Client
manage
consentcontrol
protect negotiate
manage
UMA AS

30. User-Managed Access for LMP
15
LMP Requesting
Party
Data
Stores
Bank
healthcare
Home
Car
Resource
Owner
Client
manage
consentcontrol
protect
authorize
negotiate
manage
access
UMA AS

31. UMA for LMP Use Cases
•Personal Loan (Informed Pull)
•CV Sharing (Controlled Push)
16

32. UMA for LMP Use Case:
Informed Pull
•An Individual issues a request for information (RFI) to
a group of financial services to obtain the best offer
for a personal loan.
•Life Connections represent the Individual’s Personal
Information requested (i.e Bank Account and Credit
Score), for issuing the RFI, protected by UMA AS.
•LMP provides the Apps for typical Life events (i.e.
Personal Loan Request).
17

33. Informed Pull Model
18
LMP Financial
Service
Bank
Credit Score
!
Request for Information
!
Authorize/Access
!
Offer
!
UMA-Enabled
Loan
App

34. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
Loan
Application
healthcare
Insurance
Drag request template here

35. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
Loan
Application
healthcare
Insurance

36. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
healthcare
Insurance
+ +
Bank Account Credit Score
Personal Information
Request Info
Loan amount:
Period:
Data sharing Policy
Claim-based authorization
Validity:
Cancel Run NowSave as Template
Data Purpose:
/ /
Requesting Party Marketing related use
Only for this request

37. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
healthcare
Insurance
+ +
Bank Account Credit Score
Personal Information
Request Info
Loan amount:
Period:
Data sharing Policy
Claim-based authorization
Validity:
OnlineBank.com
Shareable Bank Account
Privacy impact: Medium
Data Access: Read
View Data
Cancel Run NowSave as Template
Data Purpose:
/ /
Requesting Party Marketing related use
Only for this request

38. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
healthcare
Insurance
+ +
Bank Account Credit Score
Personal Information
Request Info
Loan amount:
Period:
Data sharing Policy
Claim-based authorization
Validity:
Cancel Run NowSave as Template
Data Purpose:
/ /
Requesting Party Marketing related use
Only for this request

39. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
healthcare
Insurance
+ +
Bank Account Credit Score
Personal Information
Request Info
Loan amount:
Period:
Data sharing Policy
Claim-based authorization
Validity:
Cancel Run NowSave as Template
Data Purpose:
/ /
Requesting Party Marketing related use
Only for this request

40. Life Connections Request
www.uma4lmp.com/am/informed_pull
Life Management Platform
Life ApplicationsRequest for Information
UMA4LMP: Informed Pull
19
Home
Bank
Healthcare
Car
Credit Score
healthcare
Insurance
+ +
Bank Account Credit Score
Personal Information
Request Info
Loan amount:
Period:
Data sharing Policy
Claim-based authorization
Validity:
10000
24
Cancel Run NowSave as Template
Data Purpose:
/ /
Requesting Party Marketing related use
Only for this request

41. UMA4LMP: Informed Pull
20
Personal Loan App Results
www.uma4lmp.com/am/informed_pull
Life Management Platform
Vendor
10.000
10.000
Interest Rates
View details
View details
View details6.00%
5.30%
10.000
5.25%
OnlineLoan.com 5.1%
View details
Bestloan.com
FinancialOne.com 10.000
10.000
Amount
ConsumerBank.com
6.70%
Details
View detailsCreditMarket.com

42. UMA4LMP: Informed Pull
20
Personal Loan App Results
www.uma4lmp.com/am/informed_pull
Life Management Platform
Vendor
10.000
10.000
Interest Rates
View details
View details
View details6.00%
5.30%
10.000
5.25%
OnlineLoan.com 5.1%
View details
Bestloan.com
FinancialOne.com 10.000
10.000
Amount
ConsumerBank.com
6.70%
Details
View detailsCreditMarket.com

43. UMA for LMP Use Case:
Controlled Push
•A student interacts with online job
application system.
•Student shares their exam marks, certificates
references, etc.
•Data is stored at their various Higher
Education institution.
•Employers can ask for additional information
to be provided during the application
process.
21

44. UMA4LMP: Controlled Push
22

45. UMA4LMP: Controlled Push
23

46. UMA4LMP: Controlled Push
24
Student, Job Seeker

47. UMA4LMP: Controlled Push
25
Student, Job Seeker
Employer

48. 26
DEMO

49. Why UMA
•UMA provides a new approach to protect personal
information in a decentralized and distributed network.
•UMA provides a new way to create a trust
relationship in a distributed environment.
•UMA provides a new way to control of what is
happening to personal data.
•UMA provides a new way to help individuals
understand how personal data is used.
27

50. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Protection and Security Accountability
Right and Responsibility
for using personal data

51. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Individual protects the
distributed resource which is
collecting the personal data
with a centralized Authorization
Server.
Protection and Security Accountability
Right and Responsibility
for using personal data

52. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Individual is active part of defining
the how the personal information
will be handled in the data sharing
process (Controlled Push or
Informed Pull).
Individual protects the
distributed resource which is
collecting the personal data
with a centralized Authorization
Server.
Protection and Security Accountability
Right and Responsibility
for using personal data

53. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Individual is active part of defining
the how the personal information
will be handled in the data sharing
process (Controlled Push or
Informed Pull).
Individual is able to define
sharing policy for what
purposes the personal data is
shared (or collected)
Individual protects the
distributed resource which is
collecting the personal data
with a centralized Authorization
Server.
Protection and Security Accountability
Right and Responsibility
for using personal data

54. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Individual is active part of defining
the how the personal information
will be handled in the data sharing
process (Controlled Push or
Informed Pull).
Individual is able to define
sharing policy for what
purposes the personal data is
shared (or collected)
Individual protects the
distributed resource which is
collecting the personal data
with a centralized Authorization
Server.
Protection and Security Accountability
Right and Responsibility
for using personal data
Individual can selectively
share personal data with
Requesting Party through a
Claim-based authorization
system

55. Benefits of UMA applied to LMP
28
Authorize
Client Resource
Server
Authorization
Server
Protect
Access
(on behalf of
Requesting Party)
Resource
Owner
Individual is active part of defining
the how the personal information
will be handled in the data sharing
process (Controlled Push or
Informed Pull).
Individual is able to define
sharing policy for what
purposes the personal data is
shared (or collected)
Policy Enforcement Point at Resource
Server allows to intercept any request to
access to personal data
Individual protects the
distributed resource which is
collecting the personal data
with a centralized Authorization
Server.
Protection and Security Accountability
Right and Responsibility
for using personal data
Individual can selectively
share personal data with
Requesting Party through a
Claim-based authorization
system

56. Questions?
29

57. 30
Eve L. Maler
UMA WG Chair
emaler@forrester.com
!
Thomas Hardjono
UMA WG Specification Editor
hardjono@mit.edu
!
Members of the UMA WG
ThankYou /Acknowledgement

58. Thanks!
31
@UMAWG
tinyurl.com/umawg |tinyurl.com/umafaq