At the beginning of May 2011, the SMART team attended the Internet Identity Workshop in Mountain View, CA. This was a great opportunity to present our work and to discuss it with other people from the community. The team was scheduled to give three presentations and a demo of the newly released SMARTAM application. During our presentations, we talked about User-Managed Access (UMA) and SMARTAM (an UMA-based Authorisation Manager).
We’re pleased to announce that the SMART project has won the prestigious Identity Deployment of the Year (IDDY) 2011 award, in the Emerging Applications/Proof of Concept Category. The IDDY is awarded yearly by the Kantara Initiative, for deployment and development of identity management software. Previous winners include Google, US DoD, Vodafone, NTT and Oracle. This year’s winners were US National Institute for Health and Newcastle University. The Newcastle award was presented to Maciej Machulak during the Identity Collaboration Day in San Francisco.
The end of 2010 was very intense and interesting for the SMART project. We have attended three big events: Internet Identity Workshop 11, Devoxx and Middleware 2010 Conference. It was a great opportunity to get feedback on our current work as well as hear news from the Internet identity and the developers world.
At the beginning of November we went from windy and rainy Newcastle to Mountain View for the 11th Internet Identity Workshop (IIW). Even though it takes about 15 hours to get there, we never regret meeting great people and hearing what new things are happening at Facebook, Google, Yahoo and within the whole identity ecosystem. Among many interesting presentations, personally I really liked Janrain’s talk about social login and sharing for online retailers as well as Google’s presentation of the results of their research on OpenID usability. Of course there was Eve Maler presenting User Managed Access. I am very happy that with every IIW there are more people asking about UMA. We definitely need to speed up with our prototype implementation. Together with Maciej we did a session on our Java implementation of OAuth 2.0 – the leeloo library. We discussed how to use leeloo to build OAuth clients, authorization servers and resource servers. Apart from that, there was a really great discussion with session attendees about good patterns for building OAuth-enabled applications.
We hardly had time to rest after IIW because just a week later we went to Antwerp. This Belgian city hosted Devoxx, the biggest in Europe and the world’s second conference for Java developers. With more than 100 speakers and 3000 attendees it is a great place to discuss technical issues and hear opinions on UMA from the developer community. The SMART project did two presentations describing the UMA flow and showing a prototype of UMA/j – a Java framework for building UMA-compliant Web applications.
The UMA/j framework was also the topic of our paper, “Implementation of User-Managed Access Framework for Web 2.0 Applications”, which has been accepted for the Middleware for Service Oriented Computing (MW4SOC) Workshop at Bangalore, the Silicon Valley of India. Bangalore is a really crazy city, completely different from what I’ve seen in the US or Europe. I gave a presentation there, as well as showed a poster, explaining the design and main components of the UMA/j framework. There were many people interested in how UMA tries to solve the problem of authorization and data sharing in the cloud.
We’re looking forward to 2011 when we hope to have at least the same amount of opportunities to present our work, get feedback and learn new things that will be beneficial for our research and the SMART project.
We’re pleased to announce that our talk titled “Introduction to UMA/j – User Managed Access framework” has been approved for the Devoxx conference that is taking place in Metropolis Antwerp in Belgium in November this year. We’ve submitted two proposals – one for the BoF session (1h long) and one for the Tools in Action session (30min session). Both proposals have been accepted.
It’s really great to be given the opportunity to discuss development with some of the best Java developers out there. We hope to increase interest in the UMA protocol and the library that we’re building here at Newcastle University as part of the SMART project. We’ll definitely appreciate the feedback of developers as well. So if you haven’t registered for Devoxx 2010 yet, now you have one more (great) reason to do so!
Last Friday, I presented the paper that I wrote with Prof. Aad van Moorsel on User-Controlled Access Management (aka User-Managed Access Control) at the ICDCS-SPCC 2010: The First Workshop On Security And Privacy In Cloud Computing. The workshop took place in the beautiful city of Genoa in Italy. I didn’t know what to expect from the event but it turned out to be very good! It started with a keynote by Prof. Pierangela Samarati (University of Milano) on “Protecting confidentiality in external data storage” followed by other really good presentations and the “New Research Directions of Security and Privacy in Cloud Computing” panel by Krishna Kant (Intel Research & NSF), Sabrina De Capitani di Vimercati (University of Milano) and Jack Brassil (HP Labs).
After the workshop I had a chance to talk to Prof. Samarati about her recent paper “”. We discussed the proposed approach to including credentials in access control policies. Most importantly, we talked about dialog management, for which support within XACML has been discussed extensively. User-Managed Access supports dialog management with claims (see the “Claims 2.0” specification). However, it leaves unspecified a few crucial things that we need to discuss and incorporate into the specification. What I like in the approach that Prof. Samarati describes in her paper is that anyone can specify required attributes within access control policies but the types of these attributes may not necessarily be communicated to the Requester (and eventually the Requesting Party). For example, the policy may define that anyone who can prove themselves to be over 18 years old should be able to access a particular resource. However, this information may not be communicated to the Requester. Rather than that, the authorization server may ask “What’s your age?” and decide based on the provided information. It can even ask “Hey! Tell me about yourself.” and then make an access control decision. The SMART team is planning to look at these features closely and to contribute to the Claims 2.0 specification. And of course, we’ll implement that! :)
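The dialog described above, sketched as an added example (not code from the SMART project, UMA/j or the Claims 2.0 specification): the authorization server keeps the policy condition to itself and discloses only a question to the requester. The `Policy` class, the `authorize` function, the response fields and the resource names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional


def over_18(claims: Dict[str, object]) -> bool:
    """Server-side condition; a missing or malformed age fails closed."""
    age = claims.get("age")
    return isinstance(age, int) and not isinstance(age, bool) and age >= 18


@dataclass(frozen=True)
class Policy:
    prompt: str                                     # the only text the requester sees
    condition: Callable[[Dict[str, object]], bool]  # never serialised into a response


# Constructed sample policies (resource names are hypothetical).
POLICIES = {
    "photos/album-1": Policy("What's your age?", over_18),
    "docs/report": Policy("Tell me about yourself.", over_18),
}


def authorize(resource: str, claims: Optional[Dict[str, object]] = None) -> Dict[str, str]:
    """One step of the dialog: ask for claims, or decide on the claims supplied."""
    policy = POLICIES.get(resource)
    if policy is None:
        return {"decision": "deny"}                 # unknown resource: default deny
    if claims is None:
        # First contact: disclose the question, not the attribute test behind it.
        return {"decision": "need_claims", "prompt": policy.prompt}
    # Permit and deny carry no reason, so the threshold is not echoed back.
    return {"decision": "permit" if policy.condition(claims) else "deny"}


if __name__ == "__main__":
    print(authorize("photos/album-1"))
    print(authorize("photos/album-1", {"age": 21}))
    print(authorize("docs/report", {"name": "alice"}))
```

With the open-ended prompt on `docs/report`, the requester cannot tell from the exchange which of the supplied claims the decision depended on.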
BTW, the slides from my presentation and the final draft of the paper are available here. Want to provide feedback? Let me know!
Aad will be giving a presentation on “User Managed Access Control for Web 2.0 Applications” at Alcatel-Lucent (US) on Wednesday. We should upload the slides shortly to http://bitbucket.org/smartproject/smart-resources. Lukasz and I made some significant improvements to our demo application and applied some of the bits that are not yet in the UMA Core Protocol, so we hope folks at Alcatel-Lucent enjoy the talk!