Sunday, March 20, 2011

UMA meets EEMA

Lat week I was on a PR-mission in Leuven, Belgium at the EEMA eID interoperability Conference.
Together with 2 members of the Kantara inititative I presented UMA to the EEMA-delegates, investigated the possible use of UMA as a part of the eID (electronic ID) and the possible cooperation of Kantara and EEMA. We succeeded in all.
This EEMA conference was organized to discuss specific areas of importance in the digital identity arena and exchange ideas amongst its delegates.
This year it was mainly about Industry,Business and Administrations dealing with privacy, which was for me not surprisingly given the enormous amount of attention paid to this difficult issue the last year.
Companies like SafeNet, Verizon, IBM and CA shared their vision and solution for eID-issues, while institutions like Novay and the Fraunhofer Institute gave insight in their e-ID-research.
Administrations were also represented by different countries ,EU-consortia and agencies(eg. ENISA, STORK, SSEDIC), giving the conference a diverse crowd consuming the latest intel on eIDs.
And in this crowd I was present with my UMA-session, which was well-received by the delegates and new fruitful contacts were made.
UMA was a bit of an outsider, because most issues dealt with authentication, in contrast to the authorization-protocol UMA.
However, UMA is user-centric,and interoperable, so much discussion was about its use in trust frameworks between authentication protocols like OpenID, SAML and other authorization protocols like OAuth. After all, in an enterprise it's very important if you know if the person sharing data with you online is really that person (authenticated) and also is authorized by his company to share these things. Missing both functions makes this person useless to you, costing only time, effort and at the end profit of your enterprise.
With UMA you have a 'doorman', dealing with the sharing of your data with 3rd parties, relieving you from the hassle of doing this yourself.

Together with my fellow UMAnitarians I look forward to future implementations of UMA in online identity-solutions build together by industry, business and administrations.
All in favor of the person UMA is build for: the user who wants to control the access of his online data!

No comments: