The User Managed Access (UMA) Working Group is taking to the Twitterverse.
The group, operated out of the Kantara Initiative, will hold its first-ever chat on Twitter this Wednesday.
UMA founder and group chair Eve Maler (@xmlgrrl) and Maciej Machulak, UMA group vice-chair (@mmachulak), will host the hour-long event from 9-10am Pacific time. The UMA pair plan to focus on the specification and on UMA implementations, interoperability testing, best practices and development advice.
Those interested in the protocol only need a Twitter account to participate. Those who don't want to sign up for Twitter can read the chat transcript but can't post questions or contribute to the discussion. The Twitter hashtag to contribute and follow the discussion is #umachat.
UMA promises to give users and corporate policy makers tight access controls over their personal or sensitive data housed in online social, sharing and business sites. User-managed data access controls such as UMA potentially could put a dagger in the privacy and usage debates burning around social networking sites such as Facebook and Google, and solve questions about control over more sensitive data stores such as health-care records and government databases.
Just last week, UMA submitted revision three of its Internet-Draft (I-D) to the Internet Engineering Task Force (IETF). The group hopes to update the draft a few more times with resolutions to open issues before the next IETF meeting, which begins March 25. The original I-D submission was made in July 2011, calling for a draft recommendation on a user-managed data access protocol that had been three years in the making.
There are several active UMA implementers looking to resolve outstanding issues as quickly as possible to support interop activities in the spring and summer timeframe, Maler says. In addition, a number of business use cases are emerging and being collected within the UMA working group.
The Center for Cybercrime and Computer Security at Newcastle University in the UK is one organization already testing UMA and believes it can be used to control sharing of sensitive data, such as employment history, exam results and health information.
At its core, UMA is an authorization mechanism. UMA authorization hubs provide an interface to set consent policies for access to cloud-based application resources. Requests for data access are routed through the UMA hub and checked against policies. UMA is built on the emerging Internet Engineering Task Force (IETF) standard OAuth 2.0.
For example, an online resume could be protected and only viewed by those who have permission from the owner. Rights to view the resume are exchanged on the wire using OAuth access tokens.
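The hub flow described above can be modeled in a few lines. This is an added illustration, not code from the UMA specification or any UMA implementation; the class and function names, the HMAC-signed token format and the key shared between hub and resource host are all assumptions made for the sketch.

```python
import base64, hashlib, hmac, json, time

HUB_KEY = b"constructed-demo-key"  # assumption: secret shared by hub and resource host

class AuthorizationHub:
    """Hypothetical hub: stores owner consent policies, issues scoped tokens."""
    def __init__(self):
        self.policies = {}  # resource id -> {requester: set of scopes}

    def set_policy(self, resource, requester, scopes):
        self.policies.setdefault(resource, {})[requester] = set(scopes)

    def request_token(self, resource, requester, scope, ttl=300, now=None):
        allowed = self.policies.get(resource, {}).get(requester, set())
        if scope not in allowed:  # default deny: no matching policy, no token
            return None
        now = time.time() if now is None else now
        claims = {"res": resource, "sub": requester, "scope": scope, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(HUB_KEY, body, hashlib.sha256).hexdigest().encode()
        return (body + b"." + sig).decode()

def host_allows(token, resource, scope, now=None):
    """Resource host check: signature, expiry, resource and scope must all match."""
    if not token or token.count(".") != 1:
        return False
    body, sig = token.encode().split(b".")
    expected = hmac.new(HUB_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    return claims["exp"] > now and claims["res"] == resource and claims["scope"] == scope

def demo():
    # Constructed sample data: the resume owner grants one recruiter "view" only.
    hub = AuthorizationHub()
    hub.set_policy("resume/alice", "recruiter@example.com", ["view"])
    good = hub.request_token("resume/alice", "recruiter@example.com", "view")
    denied = hub.request_token("resume/alice", "stranger@example.com", "view")
    return host_allows(good, "resume/alice", "view"), denied
```

The host rejects a token that is expired, altered, or presented for a different resource or scope than the one the owner's policy covered.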
From the business angle, UMA is exploring small business use cases where employers could control access to cloud application resources used by contractors or temporary employees.
Maler said last year that UMA could also function as a lightweight RESTful interface for the authorization decision protocol called the eXtensible Access Control Markup Language (XACML). The protocol is gaining interest from enterprise IT staffs looking for standards-based centralized authorization.