Re: [DG-BCTF] [WG-UMA] [WG-HealthIDAssurance] UMA & Kantara Cloud BestPractices

4 Dec 2011

      Thanks Eve.

To clarify the Cloud group I'm looking to start, it's where you say these 
facilities should be available as cloud services. I'd like to define the 
specifications for managed services that providers like eg. AT&T or Savvis, 
could use to invest and build the required platform to present these as 
commercial offerings, ie. they can offer a module like 'Relying 
Party-as-a-Service', that are in line with the models proposed by Kantara.

Many have healthcare divisions and so there's also opportunity to define 
this via industry-specific scenarios too, like Health ID.

Kind regards Neil.

----- Original Message ----- 
From: "Eve Maler" 
To: "Rich Furr" 
Cc: ; ; 
"Kantara Group" 
Sent: Sunday, December 04, 2011 5:49 PM
Subject: Re: [WG-UMA] [WG-HealthIDAssurance] UMA & Kantara Cloud 
BestPractices

Hi folks-- Belatedly weighing in on this thread… Glad to have this 
opportunity to collaborate between groups. A couple of thoughts that may get 
some juices flowing…

UMA is about giving a person the ability to coordinate, from one place, the 
access rights to their "online stuff" -- hosted in potentially many 
places -- that they grant to other parties. One difference between UMA and 
classic loosely coupled (federated) identity systems is that it's focused on 
authorization vs. identification and authentication. There are many 
touchpoints among all these, of course.

In an UMA-enabled ecosystem, we anticipate that "authorization managers" 
(AMs) and "hosts" would be operated as cloud services. They need to be 
always-on and accessible by "requesters". Fortunately, because an AM 
functions as a kind of authorization power-of-attorney for the user, she 
herself doesn't have to be online all the time, even when someone else (say, 
an emergency room physician) asks for access to health records or whatever.

We've currently got a Trust Model sub-team working out some best practices 
for how an UMA ecosystem could be deployed so as to ensure adherence to 
trust-framework-type layers of agreements. (For example, how can we build 
legally enforceable trust between operators of AMs, operators of hosts, 
operators of requester apps, and people who use UMA to protect their stuff?) 
This will ultimately turn into a User Guide (using that same healthcare use 
case mentioned below). For now, it may be interesting for folks new to UMA 
to read our initial Trust Model doc:

http://kantarainitiative.org/confluence/display/uma/UMA+Trust+Model

By the way, we're holding a public webinar on December 14. If you're 
interested to join us, you can register here:

http://tinyurl.com/umawg

Best regards,

Eve

On 21 Nov 2011, at 3:22 AM, Rich Furr wrote:
...
Not as far as I am concerned.  We do not deal with citizens at all, but
only with licensed medical professionals.
Rich Furr
Head, Global Regulatory Affairs, Policy & Compliance
SAFE-BioPharma Assn - The Biopharmaceutical & Healthcare Identity
Management Standard
Cell: 704-575-1680
Office:  980-236-7576
On 11/20/11 9:01 AM, "ankit gurung"  wrote:
...
Fork in UMA???
On 11/18/11, Rich Furr  wrote:
...
Agree and we, SAFE-BioPharma, are completely focused on healthcare
identity
management, federation and strong auth as our primary focus.
Rich Furr
Head, Global Regulatory Affairs, Policy & Compliance
SAFE-BioPharma Assn - The Biopharmaceutical & Healthcare Identity
Management
Standard
Cell: 704-575-1680
Office:  980-236-7576
From: Neil McEvoy
mailto:neil.mcevoy@l5consulting.net>
Date: Fri, 18 Nov 2011 08:47:39 -0500
To: Salvatore D'Agostino
mailto:sal@idmachines.com>,
"wg-uma@kantarainitiative.orgmailto:wg-uma@kantarainitiative.org"
mailto:wg-uma@kantarainitiative.org>
Cc:
"dg-bctf@kantarainitiative.orgmailto:dg-bctf@kantarainitiative.org"
mailto:dg-bctf@kantarainitiative.org>,
Kantara Group
>
Subject: Re: [WG-HealthIDAssurance] [WG-UMA] UMA & Kantara Cloud Best
Practices
Thank you Salvatore.
Yes I'd like to focus on a use case too, and actually this cuts across a
number of WG's and provides a common focus for how Cloud might apply to
them.
Recently EHealth Ontario joined our 'Canadian Cloud Best Practices
Council'
(http://canadacloud.biz/cloud-best-practices-council/), with a view to
collaborating on developing new innovations.
They have their own Federated Identity program called 'ONE ID' -
http://www.ehealthontario.on.ca/programs/one_id.asp, which is more
theory
than it is reality at the moment, and so I'd like to propose Kantara is
the
ideal way to implement it. They're focused just on the authentication
function at the moment, but I think ONE ID is the ideal metaphor for a
broader citizen-centric identity architecture, and so how we might
additionally incorporate UMA principles would be very productive.
I'd also like to explore how this would correlate with a single
identifier,
like XDI i-names et al.
Kind regards,
Neil.
----- Original Message -----
From: Salvatore D'Agostino
To: 'Neil McEvoy' ; wg-uma@kantarainitiative.org
Sent: Friday, November 18, 2011 5:58 AM
Subject: RE: [WG-UMA] UMA & Kantara Cloud Best Practices
Neil,
Speaking for myself it would be good to move ahead a use case.  Is
there a
particular vertical, I was thinking that given the needs around health
care
that we could actually serve eGov and Health IT folks as well.
As you will see we UMAnitarians are a cooperative lot, so curious about
others ideas.
We (UMA) also have a need to progress our trust model so maybe this can
help
focus on use case as well.
Thanks for the interest.
Sal
From:
wg-uma-bounces@kantarainitiative.org
[mailto:wg-uma-bounces@kantarainitiative.org] On Behalf Of Neil McEvoy
Sent: Friday, November 18, 2011 12:45 AM
To: wg-uma@kantarainitiative.orgmailto:wg-uma@kantarainitiative.org
Subject: [WG-UMA] UMA & Kantara Cloud Best Practices
Greetings UMAnitarians
I'm new to the list, and by way of introduction I'd like to highlight
I'm in
process of setting up a new Kantara WG, called Kantara Cloud Identity
and
Security Best Practices - This will define the intersection between
Cloud
Computing and Kantara Federated Identity standards.
As part of this process I'm seeking to identify complimentary
relationships
with other WGs.
Concerns over data privacy and controls is the #1 concern over Cloud
hosting, so it would seem protocols like UMA are fundamental to success
of
the Cloud, and given the evolution of IT applications, vice versa.
I'd love to hear any ideas for collaboration in this area..
Kind regards,
---
Neil McEvoy
Founder and President
Level 5 Consulting
http://L5Consulting.net
neil.mcevoy@l5consulting.net
Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma