Versions Compared

Old Version 2

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 3

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Roll call
  • Approve minutes
  • Note: Joint consent receipt ad hoc call happening in the next hour (see calendar)
  • Legal update
  • 2018 charter and roadmap discussion
    • Joint consent receipt work
    • Legal/business/trust (related to the above) (see relevant issues)
    • Extension opportunities (see relevant issues)
    • What else?
  • Updates on auxiliary material editing if any
  • AOB

Minutes

Roll call

Quorum was not? reached.

Approve minutes

Approve minutes of UMA telecon 2018-01-18: tbsAPPROVED.

Note: Joint consent receipt ad hoc call happening in the next hour

Note! (see calendar)

Legal update

tbsThe Draft Report will be up shortly. Tim introduced Eve to an attorney who is interested in this work.

2018 charter and roadmap discussion

  • Joint consent receipt work
  • Legal/business/trust (related to the above) (see relevant issues)
  • Extension opportunities (see relevant issues)
  • What else?

Mike has mentioned an extension idea around JSON Logic, which describes a simple way to get AND/OR logic and has a lot of libraries. See this use of it; the idea is that the RS could express that the user could have (or the resource is associated with?) scope X OR scope Y (or something like that). Mohammad Jafari has recently release a new UMA server called Pauldron that implements some extension ideas. Eve and James have been discussing UMA requirements with some customers that may result in some extension proposals. We have saved off a variety of issues that might be interesting to look at once again. Justin notes that protected discovery may need some work.

Profiles are also interesting. Many probably want to remain third-party, but it would be nice to point off to them. Financial use cases are interesting. The Pensions Dashboard use case starts with a phase that's "mostly plain OAuth" with a bit of stuff where UMA is helpful, but then proceeds to a classic Alice-to-Bob sharing flow.

AI: Eve: Reach out to find what happened to the Pensions Dashboard profile doc and see if the WG should be pointing to it.

So what's our list of anticipated activities?

  • Joint work with consent receipts
  • Legal/business/trust (consider changing subgroup name?)
  • Extension opportunities – decide which become work items as required
  • Promote adoption – could offer guidance on profiling and extension creation by third parties in various sectors (gov, fintech, healthcare...)
  • Promote interop? – known that it's challenging

Our familiar discussion about interop: Cross-matrix testing is not that great an experience or productive. A test framework is better. UMA, like OAuth itself, is more challenging to test than something like OIDC (it can protect any API, and more, it has more moving parts that have to interoperate). Assumption: Only AS conformance testing would be on the table first, as only OP conformance testing was done for the first long while.

Justin is involved in the OB testing effort. A lot of community members would be interested to throw in on a broader conformance testing effort.

AI: Eve: Produce charter draft for review.

Updates on auxiliary material editing if any

tbsNo updates.

Attendees

As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)

...

  1. Domenico
  2. Sal
  3. Maciej
  4. Eve
  5. Mike

Non-voting participants:

  • James
  • tbsJustin
  • Mark