User-Managed Access technology for consented data sharing presented at MyData 2016

With personal data becoming a new economic asset class, Dr. Maciej Machulak (Senior Identity Architect at iWelcome) presents technological solutions that empower individuals with privacy and security controls for their online transactions.

The end of August/beginning of September was marked by an exceptional conference held in the beautiful city of Helsinki, Finland. The conference named MyData 2016 was an international conference that focused on human centric personal information management. It gathered technologists, entrepreneurs, policy makers, government representatives, developers and enthusiasts interested in bringing the necessary levels of control and privacy for individual users. It is pivotal that such control is handed back to individual users in today’s world where personal data is involved in nearly all kind of transactions. This relates to retail, banking, healthcare, social networks, among many others sectors.

Personal Data types

Figure 1. Personal Data has become ubiquitous (source: MyData Interoperability Model presentation – https://goo.gl/U75EFJ)

The conference was held in relation to the MyData initiative. MyData is a human-centered approach in personal data management that combines industry need to data with digital human rights. The core idea behind this initiative is to let individuals be in control of their own data. This can open new opportunities for businesses and organisations to develop innovative services that leverage personal data while also preserving privacy. One of the core principles of the MyData approach is: “Every person has the freedom to use, build on or share their personal data – and to determine who else gets to do that and how.”

iWelcome shares knowledge and experience during the Technical Horizons track

Dr. Maciej Machulak talking about the importance of User-Managed Access in providing individuals with control over their personal information.

Dr. Maciej Machulak talking about the importance of User-Managed Access in providing individuals with control over their personal information.

Dr. Maciej Machulak represented the iWelcome company at the conference. Maciej presented during the Technical Horizons track. He was part of the discussion panel, which was chaired by Kai Kuikkaniemi, on technical solutions that aim address the emerging security and privacy concerns around personal information on the Web. iWelcome considered it important to contribute with its technical knowledge and experience to that track.

The Technical Horizons track started with a presentation from Justin Richer who provided an overview of OAuth-related standards. Justin showed the importance of various technologies that are required for successfully implementing a secure and OAuth-compliant applications.

Maciej did the next presentation and he introduced UMA to the audience. Maciej first discussed the existing challenges of controlling access to online data. He then provided information about the importance of the UMA technology to address these challenges and then showed some details of award-winning UMA protocol itself. Maciej also shared a little bit about the future of UMA which is being shaped by the UMA WG at Kantara Initiative. Slides of the iWelcome presentation can be downloaded here.

Dr. Maciej Machulak presenting the high-level architecture of User-Managed Access.

Dr. Maciej Machulak presenting the high-level architecture of User-Managed Access.

The Technical Horizons track also included presentations from Markus Sabadello and Sean Bohan. During his presentation, Markus discussed XDI (eXtensible Data Interchange). XDI is a data model and protocol that envisions a global network of data. In such network, all aspects of individual and organisational identity can be connected and managed through so-called “link contracts”. Sean talked about the concept of Vendor Relationship Management (VRM). VRM reverses the traditional relationship between consumers and companies (traditional approach is called CRM – Customer Relationship Management). Sean’s talk included an overview on VRM and its connection to digital identity as well as Personal Data Stores. Sean also provided a quick introduction to an emerging protocol called JLINC. This protocol supports data exchange under user submitted terms, along with the logging of the activity on a distributed ledger.

The Technical Horizons track ended with a panel discussion with all four presenters. The panel discussed the role of different technologies in advancing the user-centric personal data management, how different technologies interoperate or interface with each other, and what technological solutions are still missing. The panel also provided companies and organisations with recommendations regarding the use or adoption of new technologies and services for effective personal data management.

Other tracks of the MyData 2016 conference focused also on the fundamental shift in how data management has to be done in today’s world – from companies being able to collect and process personal data as they aspire to the model where individuals can decide on the use of their data. Without a doubt, such shift requires effort and collaboration at the business, legal and technical levels in order to gain traction and be accepted at large scale. One notable presentation by Professor Irene Ng from University of Warwick introduced the Hub of All Things (HAT). HAT is marketed as the personal data platform created to trade and exchange user data for services in a standardised and structured manner. HAT includes a data schema which allows new mashups or new ways of putting together data for new services to be created to serve lives of individual users.

Interesting applications created during the Ultrahackathon

 In parallel to the core MyData 2016 programme, the conference also included an Ultrahackathon during which teams of developers implemented innovative ideas in the field of personal data management. The hackathon concluded with a pitch to potential investors. One of the winning teams implemented Mobility Profile – a personal repository for mobility data which can be used on smartphone devices. With data being aggregated in such a repository, users can monitor access relationships more easily. Such data could be also shared further according to user preferences (potentially with UMA as the underpinning protocol for consent management?).

Successful event in today’s world full of personal information

With estimations showing that digital identity applications can bring a quantifiable annual benefit of approximately €1 trillion in Europe by 2020, such events as the MyData 2016 conference are crucial for the industry. Importantly, iWelcome is the only Gartner-recognised Europe-based IDaaS (Identity-as-a-service) provider and hence is in a unique position to help European companies and organisations with their challenges relating to management of personal information. Combined with the upcoming GDPR regulations, such challenges may be even more apparent and may require specialised knowledge from expert companies.

 

To learn more about how iWelcome can help your organisation with data privacy and security, please contact us directly at sales@iwelcome.com.

Go back