ForgeRock Identity Platform recognized with a Silver Medal for the User-Managed Access capabilities in its OpenUMA project
Last week the ForgeRock Identity Platform was recognized by the fifth annual Best in Biz Awards, taking home a silver medal in the category of Most Innovative Product of the Year for its open-source OpenUMA project, which implements the User-Managed Access (UMA) standard.
It’s really great to see OpenUMA getting the mainstream recognition it deserves. This year the event’s organizers received more than 600 entries from the U.S. and Canada. The Best in Biz Awards is the only independent business awards program judged by members of the press and industry analysts. The full list of gold, silver and bronze winners can be found here.
ForgeRock’s CTO and one of its founders, Lasse Andresen, conceived the OpenUMA project. He had this to say: “We’re proud to be in such good company receiving this Best in Biz award. OpenUMA complements the rest of our open-source ForgeRock Identity Platform, representing innovative consent and authorization thinking to match our groundbreaking work in scalable and RESTful identity technologies for access, provisioning, gateway, and storage.”
To give you some background on the technology, UMA is an OAuth-based protocol that enables an individual to control the authorization of data sharing and service access made by others. OAuth is a security mechanism first popularized by Facebook and Twitter in the mid-2000s, and has been widely adopted as a very powerful tool that reaches beyond the edges of the traditional consent conversation. OAuth allows users to consent to connecting third-party apps with APIs serving up sensitive and personal information in a constrained fashion, and to withdraw that consent as well.
The consented data sharing challenge becomes exponentially more difficult when trying to share – and then subsequently withdraw consent for sharing – information generated from myriad “Internet of Things” devices such as a pacemaker, connected car, utility meter, or light bulb. And information access isn’t just about sharing with software applications – we need to share data with other people and organizations as well.
The UMA standard was layered on top of OAuth to meet this challenge. I launched UMA at the Kantara Initiative in 2009, where our Work Group has built a powerful protocol that enables an individual – end-user, enterprise or other – to control the authorization of data sharing and access to information by others. ForgeRock’s OpenUMA project has made significant progress this year in building an UMA-compatible implementation, in the context of the overall open-source community involved in informing, improving, and extending the entire ForgeRock Identity Platform.
OpenUMA gives organizations new tools for customer satisfaction and privacy compliance by offering convenient central control over multiple personal data services. Users can select specific data and permissions to share, and parties requesting access must prove that they are who they say they are before access is granted.
Some examples: With ForgeRock OpenUMA, a citizen could delegate access to an online visa application to a social worker or family member for assistance, and then revoke that delegation as appropriate. Another use case enables an individual, in the role of both a consumer and a patient, to share data from fitness wearables, personal health records, and Internet-connected health devices, in a constrainable fashion with only the professionals or personal trainers they authorize.
OpenUMA fosters a concept called the “Share paradigm,” where individuals can delegate access proactively through a Share button, and need never be confronted with an all-or-nothing opt-in consent button labeled “Agree” without a corresponding option to give fine-grained access approval choices. One selects the scope of sharing from a drop-down menu: “Can they disable the video doorbell camera, or just view the image and move the camera from side to side?” “Can they see free/busy times or all calendar details?”
My colleague Andy Hall, director of product management at ForgeRock and a key contributor to OpenUMA, commented when he heard the award news: “The OpenUMA project is all about openness and transparency. It lets API ecosystems achieve delegation, consent, and revocation of data sharing quickly because its open-source nature lets implementers get started quickly. We’re thrilled to be recognized for our cutting-edge work on a solution that moves well past the state of consent tools in the world today.”
We believe OpenUMA is ushering in a new era of consent management for those moving rapidly to take advantage of new technologies such as IoT in the digitally connected world. We already know that privacy isn’t made up of encryption alone, and it’s certainly not made up of pure secrecy. With User-Managed Access at its core, OpenUMA is executing on a radical vision of privacy that is based on context, control, choice and respect.
Here’s to winning the gold next year!
Ed. note: Here’s Eve presenting on Consent 2.0 at our Identity Summit Half Moon Bay from earlier in 2015.