Just wanted to mention that the profiles from the HEART WG define a
mechanism for handling the sensitive data (e.g. "STD metadata") described
in the use case in this paper. The slide deck
https://www.slideshare.net/xmlgrrl/health-relationship-trust-heart-working-g...
linked from the HEART wiki home page http://openid.net/wg/heart/ describes
it briefly (see also the links to the specs).
It works like this in the UMA case. If the RS registers a scope
corresponding to a sensitivity code when it's registering a resource*, if a
client brings back an RPT *without* that scope for the resource, then the
RS has to filter (redact) any of that kind of sensitive information out of
the resource before giving access to it. It doesn't necessarily mean Alice
*has* that kind of sensitive data (being sensitive to Alice's privacy), but
registering the scope is essentially a declaration of ability to filter it.
*The HEART profiles are still UMA1, of course, so it's "resource sets", but
I've just provided some info to help us step up to UMA2 profiling as soon
as the time is right. :)
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Sat, Oct 14, 2017 at 2:01 PM, Eve Maler
Thanks for sharing all this, Adrian!
*Eve Maler*Cell +1 425.345.6756 <(425)%20345-6756> | Skype: xmlgrrl | Twitter: @xmlgrrl
On Sat, Oct 14, 2017 at 10:36 AM, Adrian Gropper
wrote: The DIF http://identity.foundation has a lot of sponsors you will recognize. They could be an important ally in bringing UMA to the masses.
https://github.com/WebOfTrustInfo/rebooting-the-web-of- trust-fall2017/blob/master/final-documents/identity-hubs- capabilities-perspective.pdf
--
Adrian
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma