ForgeRock initiative to accelerate UMA adoption
31 July, 2015
category: Corporate, Digital ID, Health
ForgeRock, a provider of identity management solutions, announced a new digital consent and privacy initiative, led alongside other open-source technology companies and experts, to accelerate developer adoption of the User-Managed Access (UMA) standard.
ForgeRock will help spearhead the new Kantara Initiative UMA Developer Resources Work Group to release new open-source UMA implementation toolkits for web applications and the Internet of Things (IoT).
UMA, launched by the Kantara Initiative in 2009, is an OAuth-based protocol that gives a web user a single control point for authorizing who and what can get access to their online personal data. The UMA standard has already received support from government and health care organizations such as the Government of New Zealand and Philips.
ForgeRock’s forthcoming addition of OpenUMA support to the ForgeRock Identity Platform is designed to help deliver “Consent 2.0” experiences to customers and citizens who are increasingly more concerned about their ability to manage their digital privacy. According to recent Pew Research, 91 percent of Americans agree or strongly agree that consumers have lost control over collection and use of personal information.
The UMA standard enables both consumer privacy scenarios and next-generation business authorization scenarios. For example, instead of making copies of a child’s healthcare records at the beginning of the school year and walking it into the school office where it will be “filed,” a parent could give the school access to the online record for one week at the start of the school year.
Once the school confirms the child’s health status and vaccinations, access to the digital record can be revoked, eliminating the need to duplicate personal healthcare records and maintaining privacy. In a similar fashion, financial records can be shared with tax accountants and loan officers and healthcare records can be shared with medical specialists. With UMA, individuals can grant access to digital records on a need-to-know basis and for only an appropriate length of time.
The new Kantara Initiative Work Group will provide free and open-source software for developers incorporating UMA enablement and protection into applications, services and devices. The software, which will be available in languages such as Java, C++ and Python, will make it easy to add interoperable authorization, access control, privacy and consent features to application ecosystems.
