Just wanted to mention that the profiles from the HEART WG define a mechanism for handling the sensitive data (e.g. "STD metadata") described in the use case in this paper. The slide deck linked from the HEART wiki home page describes it briefly (see also the links to the specs).

It works like this in the UMA case. If the RS registers a scope corresponding to a sensitivity code when it's registering a resource*, if a client brings back an RPT without that scope for the resource, then the RS has to filter (redact) any of that kind of sensitive information out of the resource before giving access to it. It doesn't necessarily mean Alice has that kind of sensitive data (being sensitive to Alice's privacy), but registering the scope is essentially a declaration of ability to filter it.

*The HEART profiles are still UMA1, of course, so it's "resource sets", but I've just provided some info to help us step up to UMA2 profiling as soon as the time is right. :)

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Sat, Oct 14, 2017 at 2:01 PM, Eve Maler <eve@xmlgrrl.com> wrote:

Thanks for sharing all this, Adrian!

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Sat, Oct 14, 2017 at 10:36 AM, Adrian Gropper <agropper@healthurl.com> wrote:
The DIF http://identity.foundation has a lot of sponsors you will recognize. They could be an important ally in bringing UMA to the masses.

https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/identity-hubs-capabilities-perspective.pdf

--

Adrian

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma