/Docs/G/UMA-Use-Cases-CmA/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=3.r00t): Visual Print Technical: OpenParameters Xray

---

UMA Use Cases by Networked-Access Environment

1. Consumer-Facing Smart, Connected Products
   Alice has an implanted Medronic blood glucose meter installed and also uses a fitness wearable (Ralph Lauren Polo Tech Shirt) to manage her health. She lives in California but frequently travels on business to the United Kingdom, so she uses several doctors’ medical portals as resource servers. Alice uses a generic data sharing manager (AS) offered by her former university to manage health data flow. She and her doctors are RqPs who between them use a variety of clients. Some of her devices both generate (RS) and consume (as the Client) data. When traveling, Alice also gives her cardiologist’s office temporary access to her personal calendar to make it easier to schedule a series of checkup appointments upon her return.
   Salient Factors
   1. • A.1.
   2. • A.3.
   3. • A.6.
   4. • A.7.
   5. • B.1.
   6. • C.1.
   7. • C.3.
   8. • D.1.
   9. • D.3.
   10. • E.3.
   11. • E.6.
2. Consumer-Facing Smart Meters
   Alice (RO) has digitized her entire home temperature-control process by installing a Nest digital thermostat and smoke detector (RS). At the time of purpose, she accepted an invitation from Nest to share data for marketing purposes. In addition, Alice has permitted her local utility company (RO and RS) to install a smart meter for water usage in her home. She also has set up her home computer, printer, and mobile phone as part of a Home Area Network. She lives in a California community that has drought mandated restrictions on lawn watering. She has recently received a fine in the mail for exceeding her water usage limit. In the last month, she has also been barraged with telephone and mail solicitations for Whirlpool laundry systems (RqP) as well as Jawbone wearable technology (RqP), the products of each of which can easily integrate with the Nest platform.
   Salient Factors
   1. • A.1.
   2. • A.3.
   3. • A.5.
   4. • B.1.
   5. • C.1.
   6. • C.5.
   7. • D.2
   8. • E.1.
   9. • E.4.
   10. • E.5.
   11. • E.6.
3. Consumer-Facing Mobile Phone Applications
   Verizon (RO and RS) would like to leverage the identity attribute data collected inperson at its large network of stores to become an identity provider. However, Verizon is required by federal law to obtain the account-holder’s consent before giving access or sharing the identity attributes for the purpose of identity transactions. To obtain the consumer consents for this purpose, Verizon uses a third-party intermediary, Erikson (AS), which is contractually bound to the GSMA Mobile Connect Standard. At the same time, Erikson serves as a broker of online identity attributes for CITI (RqP) in completing commercial transactions. Though living in the United State, Alice (RO) routinely conducts online commercial transactions with entities in China and the United Kingdom. When an RqP needs to authenticate Alice in an online transaction, the RqP requests the AS to confirm or verify selected identity attribute information that has been collected by Verizon, her mobile phone account provider. The AS has contractual arrangements with Alice, the RS, and the RqP that enable the AS to broker the consents and confirm Alice’s digital identity attributes for authentication purposes. The AS then reports the fact of a confirmation to the RqP. In compliance with federal law, the AS also informs Alice about each authentication request and retains a log of all such requests.
   Salient Factors
   1. • A.2.
   2. • A.3.
   3. • A.6.
   4. • B.1.
   5. • C.2.
   6. • C.3.
   7. • C.4.
   8. • D.2.
   9. • D.3.
   10. • E.2
4. Consumer-Facing Online/Cloud Applications
   Alice wants to share, for a limited length of time, access to the data about how much income she made last year with her chartered accountant Bob. Alice is the RO and Bob is the RqP. Her paycheck application is an RS that exposes an API and scopes for accessing her income data. A central data-sharing hub application (AS) helps her manage her data exposure to Bob and others. Bob uses a tax return preparation Client APP.
   Salient Factors
   1. • A.3.
   2. • A.6.
   3. • B.1.
   4. • B.3.
   5. • C.3.
   6. • C.4.
   7. • C.5.
   8. • D.1.
   9. • D.3.
   10. • E.1.
   11. • E.6.
5. Employee-Facing in Enterprise
   Alice is employed as an attorney within the Santa Clara County Counsel’s office where she handles employee/labor-related matters. As an employee herself, Santa Clara County (RO and RS) has given Alice (RO) the ability to manage the access to and sharing permissions of all of her employment data by means of a UMA data sharing platform contractually provided by ForgeRock (AS) as part of the County’s overall application access management. She is able to authorize sharing of her employment with Wells Fargo (RqP) when applying for a home mortgage loan. On an unrelated note, Alice has a minor nephew (Resource Subject) who is in the child dependency system and for whom she has been appointed a guardian. She is able to access confidential records relating to her nephew and authorize sharing of his medical records using the AS platform. All of the access and sharing policies offered by the AS strictly follow the evolving information privacy and security requirements of California state law and Santa Clara regulations.
   Salient Factors
   1. • A.4.
   2. • B.1
   3. • B.2.
   4. • B.3.
   5. • C.5.
   6. • D.2.
   7. • D.3.
   8. • E.1.
   9. • E.3.
   10. • E.6.
6. Citizen-Facing Government Services
   Alice would like for the Virginia DMV (RO and RS) to share her identity attributes with an identity brokering service offered by Signicat (AS) for purposes of completing banking transactions as well as participating in the Health Information Exchange (HIE). When a hospital system or other RqP needs Alice to share identity attributes to prove who she is, the RqP requests the AS to confirm or verify selected identity attribute information that has been collected by the Virginia DMV. The AS has a contractual arrangement with the DMV that enables the AS to present Alice’s digital identity attributes to the DMV for yes/no confirmation. The AS then reports the fact of a confirmation to the RqP. In compliance with Virginia law, the AS also informs Alice about the authentication request and retains a record of all such requests.
   Salient Factors
   1. • A.3.
   2. • A.5.
   3. • A.6.
   4. • B.1.
   5. • B.3.
   6. • C.3.
   7. • C.5.
   8. • D.2.
   9. • D.3.
   10. • E.2.