...
Eve's thoughts for her UMA section run in this direction: UMA's primary goal is empowerment for a particular type of transaction, which is sharing of digital resources. In the course of coming up with an architecture for that, UMA invented an interestingly powerful service (the AS), which is, however, a centralized entity that must be trusted. (Adrian's "pure" form requires this to be chosen by the individual, akin to a public blockchain that is completely decentralized, whereas most initial deployments are expected to be akin to a permissioned blockchain that we could consider less "pure".) The work on UMA Legal attempts to mitigate the risk of having central services matching up to distributed APIs. More brainstorming on UMA section ideas:
Adrian's formulation of requirements sent to the list:
...
- Identifying the resource subject
- Identifying claims about the user requesting access
- (something about authorization itself??)
- Recording and auditing the authorization to access the resource
- Establishing the authenticity of the resource that was accessed
- Paying for the service that delivered the resource
- Controlling and auditing that the resource was used as expected
We made a few changes in the report itself as well.
Tuesday, October 4
Agenda:
...