kantara workshop making the world safe for user managed
play

Kantara Workshop: Making the World Safe for User-Managed Access - PowerPoint PPT Presentation

Sep 27, 2022 •379 likes •985 views

Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work Group Chair 4 May 2010 1 About Kantara Initiative http://kantarainitiative.org Participation: Open global identity, web, and developer community

  1. Kantara Workshop: Making the World Safe for User-Managed Access Eve Maler Kantara UMA Work Group Chair 4 May 2010 1

  2. About Kantara Initiative http://kantarainitiative.org • Participation: Open global identity, web, and developer community of individuals and organizations, such as: • Deployers, operators, Web 2.0 service providers, eGovernment agencies, IT vendors, consumer electronics vendors • Developers and members of the open source, legal, and privacy communities • Goal: Harmonize identity community activities to help ensure secure, identity-based, online interactions • While preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments. • Work: 18 Work Groups and Discussion Groups (including UMA) and two certification oversight bodies (Assurance and Interop) 2

  3. How to participate • It’s absolutely free to participate in any group • You can also support the overall goals of the Initiative with an individual or organizational Membership • Today is a public workshop • You are invited to become an UMA WG participant (“UMAnitarian”!) to contribute actively to our work • To become a participant right now, visit kantarainitiative.org , select the User-Managed Access Group, and click on Join This Group • We operate under reciprocal royalty-free rules 3

  4. Suggested agenda for today • Introductions • UMA in a nutshell • The landscape and requirements • Scenarios, use cases, and user experiences • The UMA protocol • Policies, claims, and agreements 4

  5. Introductions 5

  6. UMA in a nutshell 6

  7. UMA is... • A web protocol that lets you control authorization of data sharing and service access made on your behalf • A Work Group of the Kantara Initiative that is free for anyone to join and contribute to • A set of draft specifications that is free for anyone to implement • Heading towards multiple implementation efforts • Going to be contributed to the IETF • Striving to be simple, OAuth-based, identifier-agnostic, RESTful, modular, generative, and developed rapidly 7

  8. The players (definitions come from core protocol spec) 8

  9. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host 8

  10. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host carries out an authorizing user's policies governing access to a protected resource 8

  11. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource 8

  12. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource seeks access to a protected resource 8

  13. The players (definitions come from core protocol spec) a web user who configures an authorization manager with policies that control how it makes access decisions when a requester attempts to access a protected resource at a host enforces access to the protected resources it hosts, as decided by an authorization manager carries out an authorizing user's policies governing access to a protected resource requesting party: a web user, or a corporation (or other seeks access to a legal person), that uses a protected resource requester to seek access to a protected resource 8

  14. Some starter scenarios Authorizing User Hi, I’m Alice Adams. user agent Authorize Store TravelIt.com Keep your itineraries here Host Grant Access Authorization Protected Protect PDP PEP Manager Resource Enforce Hi, I’m Bob Baker. Access Requester Schedewl AIRPLANR 9

  15. Landscape and requirements 10

  16. 11

  17. policy decision-making privacy informational self- determination user centricity 11

  18. policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity 11

  19. volunteered personal personal datastores information policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity 11

  20. volunteered personal personal datastores information policy decision-making valet keys privacy informational the “Open self- Stack” determination the “Connect” user phenomenon centricity intentional vs. digital footprint behaviorial data dashboard 11

  21. Provisioning data “by hand and by value” is broken 12

  22. Comparing models Classic web form model 13

  23. Comparing models Classic web form model disclose site that consumes data 13

  24. Comparing models Classic federated identity model 14

  25. Comparing models Classic federated identity model identity provider, discovery service... (authorize) disclose store consumer, service provider, relying party, attribute authority, web service consumer... web service provider... 14

  26. Comparing models OAuth-style model 15

  27. Comparing models OAuth-style model disclose store client server authorize 15

  28. Comparing models OAuth-style model disclose store authz server resource client server server authorize 15

  29. Comparing models UMA model 16

  30. Comparing models UMA model disclose store requester host contract authorize authorization manager 16

  31. Comparing models UMA model disclose store requester host contract authorize authorization manager identity provider, discovery service 16

  32. Comparing models Classic access management model 17

  33. Comparing models Classic access management model requester PEP authorize PDP, PAP, PIP policy admin 17

  34. Design principles and requirements (see also requirements doc) • Original DPs: simple; OAuth; ID-agnostic; RESTful; modular; generative; fast • Emergent DPs: cryptography; privacy; complexity; authentication; user experience • Original reqs: access relationship service; user- driven policies and terms; user management of relationship; auditing; direct access; multiple hosts • Emergent reqs: host/AM separation; resource orientation; correlation of authorizing user by multiple hosts; representation-agnostic AM 18

  35. User experiences, scenarios, and use cases 19

  36. User experiences imagined – and real • Newcastle University SMART project (presented by Maciej Machulak) • “Vision wireframes” (thanks to Domenico Catalano) 20

  37. A sampling of scenarios (see also scenarios and use cases doc) • Sharing a Calendar with Vendors (Accepted) • Packaging Resources for E-Commerce Vendors (Accepted) • Online Personal Loan request scenario (Accepted) • Distributed Services (Pending) • Managing Information in Which Employers and Employees Both Have a Stake (Pending) • Delegating Access Management to Custodians (Pending) • Moving Resources Between Hosts (Pending) • Controlling Access to Health Data (Pending) 21

  38. The protocol 22

  39. First, a little bit about OAuth get a token use a token Classic Google Code diagram 23

  40. First, a little bit about OAuth The client has already “met” the server to get unique credentials get a token use a token Classic Google Code diagram 23

  41. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- delegation use cases, there are autonomous-client use cases without this part get a token use a token Classic Google Code diagram 23

  42. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- OAuth 2.0 has delegation use cases, there are unique flows per client/ autonomous-client use cases device type, and without this part no request token get a token use a token Classic Google Code diagram 23

  43. First, a little bit about OAuth The client has already “met” the server to get unique credentials Along with user- OAuth 2.0 has delegation use cases, there are unique flows per client/ autonomous-client use cases device type, and without this part no request token get a token use a token Classic Google Code diagram OAuth 1.0 relies on signed messages over insecure channels; OAuth2.0 relies on (mostly short-lived) opaque bearer tokens, borne by client over SSL 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed

Drexel University College of Medicine Proofpoint Anti-SPAM User-Managed Features User Managed Features Email is filtered Scanned for viruses and scored for liklihood of SPAM Messages are delivered, quarantined or blocked

313 views • 10 slides
Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on

Users and security Authentication Making sure a user is who they say they are ...on every request! Authorization Making sure a user can only get to information they are supposed to see Making sure a user can only perform

801 views • 30 slides
Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future

Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future

Mapping the Global Virome Making the Unknown Known. And the World Safe From a Future of Viral Threats If you know your enemies and know yourself, you will not be imperiled in a hundred battles; ..if you do not know your enemies

266 views • 22 slides
Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity

Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity

Patient ID Service http://design.patientidservice.us/ * Kantara Initiative * Healthcare Identity Assurance Work Group, Chairs: John Fraser, Pete Palmer, Rick Moore * Open ID Foundation of Japan, Nat Sakimura * My Partners at eCitizen *

611 views • 33 slides
when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60

when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60

when sex was safe and motor racing was dangerous (Jack Brabham, World Champion 59 60 & 66) Vincent REPOUX, the creator of ARPIEM, is a race fan, and his emotions are mainly driven by sounds, colors and smells , making of him a true

322 views • 9 slides
neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services

neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services

Performance analysis of deep neural networks making the world safe for Skynet David Levinthal Microsoft Azure Cloud Services Infrastructure Machine learning and Deep Neural Networks Machine learning works by building a network of simple

250 views • 20 slides
Is it difficult to create Intuitive user interfaces? Straight forward to do? user

Is it difficult to create Intuitive user interfaces? Straight forward to do? user

Introduction 8.10.2007 Motivation Unconventional User Interaction Design for creative use What is User Interface Engineering Technology trends User Interfaces in a Pervasive Computing World Examples LumiTouch Bed as

893 views • 10 slides
Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress

Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress

Safe Learning-Based Control using Gaussian Processes Prof. Angela Schoellig IFAC World Congress 2020 Learning for Control Tutorial The Future of Automation Large prior uncertainties. Active decision making. Expect safe and high-performance

310 views • 27 slides
Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations

Kantara F2F Berlin Closing Session Summary slides from: Business Cases for Trusted Federations Trust Framework Meta Model Telecommunications Identity Open Source Support Initiative Privacy Framework eGovernment Board of Trustees BCTF

322 views • 17 slides
Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line

Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line

Kantara Initiative Overview Spring 2009 Vision Ensure secure, identity-based, on- line interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.

445 views • 19 slides
Tangible User Interface Ludovic GARREAU, Nadine COUTURE LIPSI-ESTIA (biarritz), LaBRI (bordeaux)

Tangible User Interface Ludovic GARREAU, Nadine COUTURE LIPSI-ESTIA (biarritz), LaBRI (bordeaux)

TUI ESKUA Design September, 8 th Monday 2003 : Physical interaction Workshop on Real World User Interfaces Sample Context Mobile HCI Conference 2003 in Udine Study of Tangible User H uman C omputer Interface for handling I

434 views • 5 slides
Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user

Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user

Making Safeguarding Personal 2017/18 Conferences 30 th Jan & 19 March 2018 Making user involvement effective in Safeguarding Adults Boards Aims of the Conference To identify the key factors that allow users to be involved in Safeguarding

643 views • 49 slides
Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making

Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making

COS 429 PS2: Reconstructing a Simpler World Due October 16 th Goal Recover the 3D structure of the world Problem 1: Making the World Simpler Simple World Assumptions: Flat surfaces that are either horizontal or vertical Objects

526 views • 17 slides
Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation

Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation

Radiation Safety Training PADEP Approved 2014 Presentation Objectives End User Safe Radiation Handling Educate end user on radiation and how to protect themselves. Cover the details of safe, proper analyzer operation. Provide

400 views • 23 slides
Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego,

Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego,

Understanding our world. 2013 Esri International User Conference July 812, 2013 | San Diego, California Technical Workshop Editing Versioned Geodatabases : An Introduction Cheryl Cleghorn Shawn Thorne Assumptions: Basic knowledge of

971 views • 67 slides
Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe. Camping and high adventure activities within the Boy Scouts are done with the concept of managed risk within the guidelines set forth by BSA and

558 views • 33 slides
Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Web Meeting SET UP Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd Mercher July 6 - Wednesday UTC 15:30 [Wales 4:30pm, Argentina 12:30pm, Eastern US 11:30am] Launch Meeting and Countdown Time

878 views • 54 slides
A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for

A Rendezvous-based Paradigm A Rendezvous-based Paradigm for Analysis of Solicited and for Analysis of Solicited and Unsolicited Traffic Unsolicited Traffic DUST 2012 May 15, 2012 David Plonka & Paul Barford {plonka,pb}@cs.wisc.edu

490 views • 30 slides
Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is

Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is

Automatic MySQL Schema Management with Skeema Evan Elias Percona Live, April 2017 What is Schema Management? Organize table schemas in a repo Execution of all DDL, on the correct MySQL instances, with the correct OSC flags Not

813 views • 64 slides
How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon ,

How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon ,

How to Host Your Own Instructor Training: For Project AWARE-SEA and MHAT Grantees Chayla Lyon , Manager of Instructor Trainings, Mental Health First Aid Stephanie Pozuelos , Project Coordinator, Mental Health First Aid Mental Health First Aid USA

360 views • 17 slides
Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1

Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1

Scalability and Availability Ryan Eberhardt and Armin Namavari May 19, 2020 Logistics Project 1 due tonight Week 6 exercises coming out today Project 2 coming out end of this week Let us know how we can help! This week

892 views • 74 slides
Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar

Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar

Golden Gate Bridging The Resource-Efficiency Gap Between ASICs and FPGA Prototypes Albert Magyar , David Biancolin, Jack Koenig, Sanjit Seshia, Jonathan Bachrach, Krste Asanovi Two major challenges of FPGA simulation FireSim

621 views • 37 slides
TC-CIM: Empowering Tensor Comprehensions for Computing In Memory Andi Drebes 1 Lorenzo Chelini 2,3

TC-CIM: Empowering Tensor Comprehensions for Computing In Memory Andi Drebes 1 Lorenzo Chelini 2,3

TC-CIM: Empowering Tensor Comprehensions for Computing In Memory Andi Drebes 1 Lorenzo Chelini 2,3 Oleksandr Zinenko 4 Albert Cohen 4 Henk Corporaal 2 Tobias Grosser 5 Kanishkan Vadivel 2 Nicolas Vasilache 4 1 Inria and erieure 2 TU Eindhoven 3

599 views • 41 slides
Dynamic Near Data Processing Framework for SSDs Gunjae Koo *, Kiran Kumar Matam*, Te I ,

Dynamic Near Data Processing Framework for SSDs Gunjae Koo *, Kiran Kumar Matam*, Te I ,

Dynamic Near Data Processing Framework for SSDs Gunjae Koo *, Kiran Kumar Matam*, Te I , H.V. KrishinaGiri Nara*, Jing Li , Hung-Wei Tseng , Steven Swanson , Murali Annavaram* *University of Southern California North

853 views • 35 slides

More recommend