A Federated Authorization Framework for Distributed Personal Data and Digital Identity
The paper addresses the digital identity and data privacy challenge for individuals and institutions, but appears incremental because it builds on existing federated authorization concepts.
The paper tackles the problem of managing access to distributed personal data by proposing the User Managed Access (UMA) architecture and protocols, which enable individuals to control consent and access policies across federated data holders.
The digital identity problem is complex in large part because it involves personal data, the algorithms that compute reputations on that data, and the management of the identifiers linked to personal data. Today, an individual's personal data is distributed throughout the Internet, in both private and public institutions, and increasingly also on the user's devices. To empower individuals to have a say in who has access to their personal data, and to enable them to use their data for their own purposes, a coherent and scalable access authorization architecture is required. Such an architecture must allow different data holders, data providers and user-content generators to respond to an individual's wishes with regard to consent in a federated fashion. This federation must allow an individual to easily manage access policies and provide consent as required by current and forthcoming data privacy regulations. This paper describes the User Managed Access (UMA) architecture and protocols that provide the foundation for scalable access authorization.