Pardon the Disruption

Business Innovation Through Disruption: User Managed Access (UMA)

Eve Maler is perhaps best known as the co-creator of XML. Currently, she is vice president of Innovation & Emerging Technology in ForgeRock’s Office of the CTO, driving privacy and consent innovation for the ForgeRock Identity Platform.


She founded and chairs the User-Managed Access (UMA) work group and co-founded and co-chairs the Health Relationship Trust (HEART) work group. She is also the co-inventor of XML.

How would you define disruption?

Eve Maler: To succeed, smaller businesses need to find ways to punch above their weight while facing market leaders. Disruptive innovation is one of the key strategies they can use to do so. It might involve building a surprising new technology, sometimes in plain sight of dismissive competitors. Or it could mean inventing a radical new business model that upends a market. Or it might involve manufacturing an original item out of familiar parts.

Back when you helped create XML, what were some of your biggest challenges in having others accept your new technology?

EM: New standards face incredible barriers even if everything goes right. We were aware that our work had positive implications for machine-to-machine communication along with a write-once, publish-everywhere document publishing paradigm, but we also knew that XML’s predecessor, SGML, was not particularly favored for its performance or simplicity characteristics. One decision we made was a particular concern: We required usage of Unicode 2.0 to ensure international compatibility. Keep in mind that this was 1998, when Unicode support was not yet universal.

How did you overcome these challenges?

EM: Our committee worked hard to make XML as simple as possible while addressing real-world use cases, reaching out to a well-informed community of SGML experts for feedback. We adopted an informal goal that we called the DPH: A “desperate Perl hacker” should be able to code a conforming XML parser within a week; this helped us ensure adoption. We strove to ensure that XML was backwards-compatible with SGML. Many of us developed our own software, and we also hit the speaking circuit to advocate and educate.

How do you think User-Managed Access (UMA) can change the landscape of our everyday lives in business?

EM: UMA is, in some ways, a technology similar to XML because it’s a standard that gives control over data. In the case of UMA, the purpose is access control. For example, an employee or admin in a small or midsize business might need to delegate access to sensitive data, such as HR, CRM, or customer service records, to a colleague or partner. If the data is held in a cloud-based service, often the impulse is simply to share a password to the cloud account. But with employee turnover, now you’ve got a big problem. UMA provides a federated authorization architecture that allows the APIs fronting the sensitive data, the client applications accessing the data, and a central sharing management hub protecting the data to collaborate in a totally standardized way. UMA-enabled services would let employees and partners safely delegate access to each other, in a constrained manner, to sensitive online resources and even Internet of Things devices.

What are some of the trends in disruptive technologies that you see currently that could be helpful to small and midsize businesses?

EM: The most exciting thing I see is the concept of identity relationship management, or IRM. It’s not your father’s enterprise IAM, where identity and access management focused most heavily on employees! Customers, mobile devices, and internet-connected things are increasingly in the mix for identity solutions, and that means it’s often an environment where growing the number of identities is a goal. Technologies and techniques in this world can be dramatically different. For example, you can tell employees they’re not allowed to use, say, Android devices on the corporate network because they’re insecure—but you can’t tell customers they can’t buy the latest whizzy phone. Techniques such as contextual authentication, where you check the fingerprint of returning devices to help authenticate users, can become especially important.

How about some key takeaways for our readers?

EM: They are:

  • There is always room for innovation in any industry.
  • Don’t be afraid of not being stealthy: Sometimes innovating in front of competition or dismissive audiences leads to helpful feedback and attention from their customers.
  • Improve things that are not traditionally favored. Find the solution to why the things that aren’t working, aren’t working.
  • Build, advocate, and network. Be your biggest supporter of your innovation; get out and start evangelizing; grow a supportive community around your product to help you get the word out.