Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

  • Subject Registration, which is referring for creating trust relationships between the Subject towards AM, and Subject towards Host, and vice versa. 
  • Host Introduction, which is referring for establishing trust relationship between Host and AM, brokered by the Subject, in order to allow Host to delegate authorization decision to AM during the data sharing process.
  • Data Sharing constellations, which is referring for delegating a third-party (Requesting Party) to access web resource. Image Added

The first two phases can be consolidated in a unique and fundamental element that we call Bootstrapping Trust.

...

The following picture shows the possible alternative approaches applicable to UMA protocol:

  1. Self-Registration -> A
  2. Affiliate Registration through standard Identity technologies (SAML, OpenID, etc.) -> B
  3. Trusted Framework  Image RemovedFramework -> C Image Added

Bootstrapping Trust is the fundamental phase where the subject builds his (trust) mental state towards other agent (Host, AM), evaluating the trustworthiness factors.

...

Delegation can be represented as a vector in a Cartesian plan (X-axes: Level of trustworthiness between the delegator and delegated agent, Y-axes: level of delegation, based on the iterative process of the protocol), which has initial point (delegator), a terminal point (delegated agent), a length and a directionImage Added
The following picture shows the Cartesian plan representing a person-self sharing constellation:  Image Added

The level of trustworthiness of UMA actors is calculated based on trustworthiness factors. For instance, in the person-self sharing constellation, we assume that the distance between Authorization Manager (AM) and Authorizing User (AU) is equal to 0, this is the highest level of trust that AU relays on AM, considering all the trustworthiness factors (qualitative and quantitative), which are evaluated during the Bootstrapping trust phase.

In the picture are represented the following delegation’s vectors:

  • Vector V1 represents the delegation of the action “Access” from Authorizing User (delegator) to Requester (delegated agent).
  • Vector V2 represents the delegation of the action “Authorization” from the Host (delegator) to Authorization Manager (delegated agent).
  • Vector V3 represents the delegation of the action “Consent” from the Authorization Manager (delegator) to Authorizing User (delegated agent).

The degree of trust of the entire process of data sharing can be calculated as length of resulting vector from summing delegation’s vectors (V1+V2+V3):

Without direct Authorizing User Consent

V1+V2 = (2,1)+(-1,1) = (1,2)

Degree = Length (V1+V2) = 2.23

With direct Authorizing User Consent

V1+V2+V3= (2,1)(-1,1)(0,-2) = (1, 0)

Degree = Length (V1+V2+V3) =  1

  Image Added

Reference

 [1] T3 Trust theory http://www.istc.cnr.it/T3/trust/pages/delegation.html