Seguridad Mania.com - España y América Latina

PISCATAWAY, NJ -- (Marketwired) -- 05/05/15 -- Kantara Initiative announces that the User-Managed Access (UMA) Version 1.0 specifications have achieved the status of Kantara Initiative Recommendations through an overwhelming show of support from the organization's Members. To mark this milestone, Kantara will be holding a free live webcast on May 14 at 9am Pacific.

Developed through an open and transparent standards-based approach, the UMA web protocol enables both privacy-enhancing consumer-controlled scenarios for release of personal data and next-generation business scenarios for access management. The UMA Work Group has identified a growing variety of use cases, including patient-centric health data sharing, citizen-to-government attribute control, student-consented data sharing, corporate authorization-as-a-service, API security, Internet of Things access control, and more.

"UMA has been generating industry attention with good reason. UMA bridges a critical gap by focusing on customer and citizen engagement to transform privacy considerations in to real business development opportunities," said Joni Brennan, Executive Director, Kantara Initiative.

UMA is an OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data. By letting a user lodge policies with a central authorization service that requires a requester "trust elevation" (for example, proving who they are or promising to adhere to embargoes) before that requester can access data, UMA enables privacy controls that are individual-empowering -- an idea that has perhaps gotten lost in the rush to corporate privacy practices that have focused on compliance.

This model enables individuals interacting with the web to conveniently reuse "sharing circles" and set up criteria for access at a single place, referred to as the UMA authorization server, and then go about their lives. For enterprises, deploying UMA allows applications to be loosely coupled to authorization methods, significantly reducing complexity, and to make the process of access decision-making more dynamic.

"Existing notice-and-consent paradigms of privacy have begun to fail, as evidenced by the many consumers and citizens who feel they have lost control of how companies collect and use their personal information," said Eve Maler, ForgeRock's VP of Innovation & Emerging Technology and UMA Work Group Chair. "We're excited that UMA's features for asynchronous and centralized consent have matured to reach V1.0 status."

"The future Internet is very much about consumer personal data as an important part of the broader data-driven economy ecosystem. If personal data is truly a digital asset, then consumers need to 'own' and control access to their various data repositories on the Internet. The UMA protocol provides this owner-centric control for sharing of data and resources at Internet scale," says Thomas Hardjono, Executive Director of the MIT Kerberos & Internet Trust Consortium and UMA Work Group specification editor.

"With the growing importance of personal data on the Internet, there is a clear need for new ways to allow individual users be in control of their data as an economic asset," says Dr. Maciej Machulak, Chief Identity Architect of Synergetics and UMA Work Group Vice-Chair. "UMA can become the very basis for the profound trust assurance and notably the trust perception with end-users and organizations, that is required to finally introduce end-users as genuine stakeholders in their own processes and the integration point of their own data."

Companies, organizations, and individuals can get involved by joining Kantara Initiative and the UMA Work Group, taking part in planned interoperability testing, and attending the webcast.

Kantara Initiative provides strategic vision and real world innovation for the digital identity transformation. Developing initiatives including: Identity Relationship Management, User-Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and Minimum Viable Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community. Luminaries from organizations including: CA Technologies, Experian, ForgeRock, IEEE-SA, Internet Society, Radiant Logic and SecureKey drive strategic insights to progress the transformational elements needed to leverage borderless Identity for IoT, access control, context, and consent.