A Federated Authorization Framework for Distributed Personal Data and Digital Identity

The digital identity problem is a complex one in large part because it involves personal data, the algorithms which compute reputations on the data and the management of the identifiers that are linked to personal data. The reality of today is that personal data of an individual is distributed throughout the Internet, in both private and public institutions, and increasingly also on the user's devices. In order to empower individuals to have a say in who has access to their personal data and to enable individuals to make use of their data for their own purposes, a coherent and scalable access authorization architecture is required. Such an architecture must allow different data holders, data providers and user-content generators to respond to an individual's wishes with regards to consent in a federated fashion. This federation must allow an individual to easily manage access policies and provide consent as required by current and forthcoming data privacy regulations. This paper describes the User Managed Access (UMA) architecture and protocols that provide the foundation for scalable access authorization.