Subscribing to a Friend's Personal Cloud
|Eve Maler||Stable||Phil Windley's conception of a personal cloud includes not only a fully distributed personal data store composed of many data sources, but also a fully distributed CloudOS that includes an authorization management function. This case study describes how an UMA authorization server can serve in this role for letting Alice subscribe to elements of Bob's cloud, and vice versa.|
|Management and Sharing of Personal Accessibility Needs and Preferences||Keith Hazelton||Stable||By and large, purveyors of online services and resources have fallen short in accommodating the accessibility requirements of many of the people they want to serve. The problem is challenging but its urgency is undeniable. This case study suggests that UMA could address one of the core challenges: Providing users the ability to express personal accessibility needs and preferences and to control the release of subsets of that information so that online services can tailor themselves accordingly.|
|Secure sharing of Higher Education Achievement Reports (HEARs) at Newcastle University using SMART||Maciej Machulak||Stable||The very first UMA scenario accepted was “Sharing Trustworthy Personal Data with Future Employers”. This scenario overlaps greatly with the concept of Higher Education Achievement Reports (HEARs) that are planned to be introduced at Newcastle University. The HEAR is intended to provide a single comprehensive record of a learner’s achievement at a higher education institution such as Newcastle University. It will be an electronic document, which will adhere to a common structure and can be verified by the academic registrar or equivalent officer. However, HEAR leaves unspecified how such document is shared outside of the institution. The SMART Authorization Manager (SMART AM), the first UMA-compliant authorization server that allows end-users to easily compose very flexible sharing settings for their online data, has presented an opportunity to solve the HEAR challenge.|
|Online Personal Loan||Domenico Catalano||Stable||Personal information sharing is an emerging trend for online daily life activities, including interactions with financial credit institutions. This case study analyzes a specific scenario for a financial credit interaction for an online personal loan request. An individual can fill out a loan application by authorizing the release of trustworthy financial information from multiple sources.|
|State Health Information Exchange||Adrian Gropper||Draft||State health information exchanges (HIEs), having adopted standardized secure (Direct) email for their providers are now drafting RFPs for patient-authorized aggregation, discovery and transfer of health records. They will seek identity management, record location and access management services that are simple, cost-effective and likely to be supported by EHR vendors either voluntarily or as a result of federal mandates. Some momentum in favor of UMA comes from the significant likelihood that OAuth will be part of EHR incentive regulations in future years.|
|Healthcare relationship locator service||Adrian Gropper, Eve Maler, et al.||Draft|
Today the emphasis is on data aggregation; in future we assume it will switch to controlled access to distributed data instead (where sometimes data will be distributed in upstream form but aggregated in downstream form). Patients in question will have an online presence (e.g., can log in to patient portals etc.) in future. Even in cases where patients can’t control sharing of their data by others, they must retain the right and ability to monitor it. UMA can play a role in solving some problems of a Relationship Locator Service, and can aid other more complete solutions by providing common access control and authorization plumbing. (Working document is visible here.)
|Sharing Among Parent Groups||Thomas Hardjono||Initial thoughts|
A school (or school coalition) wishes to make available an resource sharing infrastructure to parents that would allow them to share their personal/family resources as well as create "digital communities" consisting of a group of parents.
|Access Management 2.0 for the Enterprise||Eve Maler||Draft||Although UMA's primary use cases have centered on individual people, the "users" who managed access to their own online resources, the UMA notion of authorization as a service also has relevance to modern enterprises that must secure APIs and other web resources in a developer-friendly way.|
|Centralizing Business Logic for SaaS Services||Eve Maler, Mike Schwartz||Draft||It is valuable to enable enterprises to centralize their policies and entltlements (scope generation) in an authorization server that they run, letting each SaaS vendor with which they contract run a resource server that respects those entitlements.|
|When the Resource Server and Client Are the Same||Eve Maler||Initial thoughts||When multiple people need to use the same web app, meaning that the resource server and the client are the same application, there are both optimization opportunities (because of the colocated entity) and interesting use cases (for example, household accounts representing multiple people/identities).|
IoT - Intelligent Refrigerated Shipping Containers
|Marcelo Da Cruz||Draft||This case study involves a ship hauling intelligent “reefers” (refrigerated containers) and tracking environmental factors (e.g., temperature, humidity) to ensure that the contents arrive in good conditions to their destination. Ship system needs to access reefer resources for en route tracking/monitoring.|
|Giving K-12 Students Control of Their Data||Erwin Bomas, Mark Dobrinic||Draft|
Kennisnet investigates the user-centric approach of data management for education using UMA. Kennisnet created a mock-up of an UMA based dashboard for end users.
|Users Managing Delegated Access to Online Government Services||New Zealand Government||Final||The New Zealand office of the GCIO ran a Proof of Concept (POC) project to test the concept of a Common Delegations Capability for shared government use.|
|Origo||Origo, a not-for-profit FinTech company in the UK, has developed an UMA-based solution for the Pensions Dashboard Prototype Project. It lets a UK resident use a discovery service that finds "pension pots" left behind from previous jobs and view all the results as a high-assurance self-requesting party in an application that functions as an UMA client, and then share that aggregated information with other high-assurance requesting parties, such as accountants. This use case was also highlighted in this presentation about UMA2.|
Lush Group's HealthMePHR implementation explores usage of UMA, the HEART profiles, and OpenID Connect for a series of concrete scenarios. For more information about this implementation, see the Implementations page.