One of the interesting aspects of solid is actually the separation of apps and the data store and standardisation of the interface using semantic web formats. It solves the problem of each app defining its own api. In industry wide initiatives, such as open banking, this lowers the integration barriers significantly. Obviously the problem, however, is adoption by developers and gaining critical mass. Taking such an approach does allow separation of customer experience and disparate backend systems.

One of the solid team has written a good article on what the problem is they are trying to solve. See https://ruben.verborgh.org/blog/2017/12/20/paradigm-shifts-for-the-decentral...

I could be wrong, but I thought the solid project supported multiple identity protocols, and that Webid-tls and Webid-oidc were just the initial protocols? I did think UMA would certainly complement the solid work.

Adrian, is the Microsoft DIF identity hubs based on solid or separate? Looks like a very similar concept except they have used blockchain for identity rather than webid.

Regards
Paul

________________________________
From: WG-UMA <wg-uma-bounces@kantarainitiative.org> on behalf of Tim Reiniger <tsreiniger@gmail.com>
Sent: Tuesday, April 9, 2019 12:53:27 AM
To: Eve Maler
Cc: wg-uma@kantarainitiative.org WG
Subject: Re: [WG-UMA] Reinvigorating our business model work: a plan

Interesting that the AP Reporter knew about UMA! I wonder how best to tease/nudge the Solid development team into integrating UMA.

Tim

On Mon, Apr 8, 2019 at 9:47 AM Eve Maler <eve@xmlgrrl.com> wrote:

I've been trying to figure out how compatible they are with each other. Solid appears to be an open-source framework but not an open protocol per se, so there's no independent messaging "flows" I can look at to understand how they could hook together. Maybe I'm wrong and somebody could point me to this.
An AP reporter doing a story on Solid actually called me a few weeks ago to ask about UMA and their relationship...

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Mon, Apr 8, 2019 at 8:06 AM Tim Reiniger <tsreiniger@gmail.com> wrote:

You all might find this user-centric digital identity solution being developed by Solid (Tim Berners-Lee with Mastercard seed funding) and that is a finalist with a World Bank competition. The mention of user-controlled permissions made me think that there might be a UMA 'play' with this:

https://solve.mit.edu/challenges/id4d-mission-billion/solutions/5477

Tim

On Mon, Apr 8, 2019 at 4:49 AM Cigdem Sengul <Cigdem.Sengul@nominet.uk> wrote:

Hello Eve,

This sounds good. I would be interested in the Legal meetings. I also just received this workshop announcement, and think it would be good to disseminate the output here as well. What do you think?

CALL FOR PARTICIPATION: Presenters and Posters

Delivering Data Protection in Real-time: Transforming Privacy Law into Practice.
University of Oxford/OASIS International Workshop
9-10 September 2019, Oxford

Chairs: Jassim Happa <https://www.cs.ox.ac.uk/people/jassim.happa/> (Oxford), John Sabo <https://www.oasis-open.org/people/distinguished-contributor/john-sabo> (PMRM/OASIS)

FOCUS (further details, including full list of topics, below)

· Existing tools and standards that bridge data privacy control requirements to the technical functionality needed to assure data protection service delivery compliance in online systems.
· R&D underway contributing to enhanced data protection service delivery.
· Practices in implementing systems that comply with the law.
· Benchmarking and demonstrating legal compliance, including active data protection test beds for run time compliance.
· The emerging privacy engineering discipline and its limitations and potential.
· Big thoughts: Advances in real-time, policy-configurable data protection controls and code.

We want to help pull together a community of interest: come see what others are doing, get feedback on your approaches, and meet potential collaborators.

Call for Presentations (10-15 minutes): ½-page abstract, together with an outline of the presentation. Email: katherine.fletcher@cs.ox.ac.uk. Deadline Friday, June 22nd, 2019 (anywhere on Earth) / acceptance 30 June

Call for Posters: Abstract no longer than one page, together with a draft of the poster itself. Email: katherine.fletcher@cs.ox.ac.uk. Deadline Friday, August 16th, 2019 (anywhere on Earth) / acceptance 23 August

=================== FURTHER DETAILS ===================

=================== Call for Presentations ===================

Presenting at this workshop is a great way for stakeholders to share insight in the state of the art in privacy and data protection compliance. We invite industry, government and academics alike. Presenters can discuss published and unpublished works related to privacy and data protection issues. Presentation submission is not a requirement for attendance.

We are particularly interested in the following topics in data protection and privacy:

- Automation (e.g. including making use of AI, machine learning or expert systems)
- Business decisions impacting privacy implementations
- Company post-mortems/lessons learnt in preparing for GDPR
- Data protection auditing (e.g. run-time monitoring of data processing)
- Decisions about cloud/distributed systems
- Ethical issues impacting privacy delivery
- Information flow
- Interpreting privacy law
- Manageability and compliance
- Metrics and Key Performance Indicators
- Policies
- Practitioner experiences
- Awareness programmes, including education
- Privacy Enabling Technologies (PETs)
- Protocol security
- Research projects examining law and automation
- Run-time Monitoring and auditing
- Security composition across domains
- Smart contracts and distributed ledgers
- Software engineering experiences
- Usability and Human Factors

This list is not exhaustive, and we encourage other related topics as long as there is an obvious link to data protection and privacy. If you are unsure about whether your topic is appropriate, please email us and ask.

The reviewing committee will place more emphasis on experiences and practices that address concrete privacy and data protection challenges directly, and less emphasis on abstract ideas, armchair-theorising and conceptual models. Examples may include (not an exhaustive list): proof of concept tool development, experiences in policy development, empirical evidence discussions. We are specifically after solution-centric insights that push the discussion forward, or bold ideas that shake the status quo in how we consider implementation of privacy and data protection.

Call for Posters

Presenting a poster at this workshop is a great way for students and academics alike to obtain valuable feedback from industry, other academics and law experts on their ongoing work in advancing the state of the art in privacy and data protection compliance. In this workshop we aim to get great ideas together with people who might need them. Posters can present published and unpublished works related to privacy and data protection issues. Posters presenting inter- and multidisciplinary work related to privacy and data protection are also welcome.
Poster submission is not a requirement for attendance.

Topics in privacy and data protection:

- Access control
- Accountability
- Anonymity
- Attacks and defences
- Authentication
- Automation
- Big Data
- Business
- Cloud/distributed systems
- Cryptography
- Decision making
- Economics
- Data Subject control of their PII
- Ethics
- Forensics
- Hardware
- Internet of Things
- Interpreting privacy law
- Law
- Manageability and compliance
- Metrics
- Misuse/anomaly detection and prevention (Intrusion detection and prevention)
- Mobile and Web
- Policies
- Privacy and data protection awareness
- Privacy Enabling Technologies (PETs)
- Protocol security
- Run-time Monitoring and auditing
- Information flow
- Security
- Smart contracts and distributed ledgers
- Usability and Human Factors

This list is not exhaustive, and we encourage other related topics as long as there is an obvious link to data protection and privacy. If you are unsure about whether your topic is appropriate, please feel free to email us and ask.

The reviewing committee will place more emphasis on methods that address concrete privacy and data protection challenges, and less emphasis on position papers, armchair-theorising and conceptual models. We are specifically after solution-centric ideas such as novel algorithms to ensure data protection, empirical/experimental studies that provide more evidence, or bold ideas that shake the status quo, about how we deliver privacy and data protection. All of which should advance the state of the art in legal compliance through code and automation.

Posters will be reviewed by a poster jury with members drawn from the PC. They will be assessed based on relevancy, quality and value to the attendees. Poster abstracts are due end of Friday, August 16th, 2019. At least one author of each accepted poster will be required to attend the workshop to present the poster. Accepted poster abstracts will be posted on the workshop website.
HOW TO: The abstract title should begin with the keyword "Poster: ". Please include all authors with contact information and institutional affiliation in your abstract. Abstracts should succinctly describe the particular problem being addressed, detailing the proposed solution and the value of the work. If the work was previously published, please include a reference to the existing publication. There is no template provided, but all submissions should be in PDF format. Presented posters can be sized up to A1 or A0, either portrait or landscape, but should be scaled down to letter or A4 for submission as a PDF. If accepted, at least one author must be registered and a final version of the poster abstract submitted by Friday August 29th, 2019.

For more information, please contact us at katherine.fletcher@cs.ox.ac.uk.

=================== ABOUT THE WORKSHOP ===================

Demonstrating compliance of privacy law (including GDPR in information sharing or data processing) remains difficult for organisations today. It involves multiple stakeholders, including software engineers, policy makers and business owners. Despite a nascent data protection engineering discipline, comprehensive privacy engineering standards (such as the OASIS Privacy Management Reference Model, NIST’s Privacy Framework, MITRE’s Privacy Engineering Framework), the necessary tools have not been available to support the design and implementation of integrated technical functionality necessary for systemic data protection assurance. Chains of systems, data flows and repositories, with heterogeneous data management, with sometimes incompatible practices and non-standardised data protection controls present huge challenges to organisations attempting to meet their real-time data protection obligations for business applications as well as visibility into their own data protection systems.
This workshop brings together software engineers, policy makers, lawyers, practitioners, technologists and independent data protection/privacy experts from industry, standards communities, regulators, government, and academia to share lessons learnt about data protection, discuss how to address challenges in today’s society from a multistakeholder perspective. In this workshop, we hope to bring together new insights on the state of the art in real-time data protection service delivery, by identifying clear gaps common across various stakeholders that need to be filled, and promising industry and research initiatives attempting to build solutions to hard problems.

The workshop will include expert presentations, panels, poster sessions and technical demonstrations addressing such issues as: privacy engineering, run-time compliance monitoring, means and methods to go from law to code. We will invite several panels but also encourage submissions for presentations and posters.

Day 1 agenda:

· Reviewing the problem statement.
· State of the art review:
  o Presentations outlining lessons learnt from industry, government and academia.
  o Poster session - showing the state of the art in research.
· Identify capability and capacity gaps across various sectors and use cases from multi-panel, multi-stakeholder discussions.

Day 2 agenda:

· Identify possible solutions (both planned and in development now) across various sectors from multi-panel, multi-stakeholder discussions.
· Discuss feasibility of proposed solutions and their testability.
· Identify approaches for collaboration and fora going forward.

Topics to be discussed

· Existing tools and standards that bridge data privacy control requirements to the technical functionality needed to assure data protection service delivery compliance in online systems.
· R&D underway contributing to enhanced data protection service delivery.
· Practices in implementing systems that comply with the law.
· Benchmarking and demonstrating legal compliance, including active data protection test beds for run time compliance.
· The emerging privacy engineering discipline and its limitations and potential.
· Big thoughts: Advances in real-time, policy-configurable data protection controls and code.

Outcome & take-aways

This workshop aims to provoke a discussion on present day and future challenges and solutions, and spark collaboration opportunities to take forward. Participants become part of an actively engaged community sounding board that generates productive ideas, activities, and alliances during the event. A white paper will be circulated after the event outlining identified issues and work towards charting a clear path forward. This may include the creation of new technical committees and/or working group chartered to develop relevant standards, specifications, profiles, and/or best practices. Future workshops may also be organised to continue achieving objectives.

Intended audience

Those responsible for developing, influencing and managing data protection and risk management in the public and private sectors are welcome to attend. This may include IT security practitioners, senior security policy and risk management practitioners, security and privacy managers, researchers, representatives from industry, government, the academic community, etc.

Food and beverage

Coffee breaks, luncheons and a workshop dinner on the 9th September are included in the conference fee.
From: WG-UMA <wg-uma-bounces@kantarainitiative.org> on behalf of Eve Maler <eve@xmlgrrl.com>
Date: Friday, 5 April 2019 at 22:54
To: "wg-uma@kantarainitiative.org WG" <wg-uma@kantarainitiative.org>
Subject: [WG-UMA] Reinvigorating our business model work: a plan

Tim (our Legal Editor) and I have just met, and I'd like to propose a way forward for producing our second business model report. We'd like to:

* Focus it on use cases that illustrate each of our mappings from business relationships (and changes in those relationships) to UMA technical artifacts -- we can refine as necessary
* Publish it by September -- moving quickly is a priority
* Find a time when interested parties can meet apart from the main Thursday WG flow -- like our old Legal meeting series

As a reminder, here is the main "Legal role definitions" deck: https://docs.google.com/presentation/d/1I12agEsfaJK3LEiJyROrJV3PCEmhlCzCxYS7wSfzDjU/edit?usp=sharing

Please respond in this thread or directly to me and Tim with your interest and questions.

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma