...
- Roll call
- Approve minutes
- Approve minutes of UMA telecon 2018-01-18
- Note: Joint consent receipt ad hoc call happening in the next hour (see calendar)
- Legal update
- 2018 charter and roadmap discussion
- Updates on auxiliary material editing if any
- AOB
Minutes
Roll call
Quorum was not? reached.
Approve minutes
Approve minutes of UMA telecon 2018-01-18: tbsAPPROVED.
Note: Joint consent receipt ad hoc call happening in the next hour
Note! (see calendar)
Legal update
tbsThe Draft Report will be up shortly. Tim introduced Eve to an attorney who is interested in this work.
2018 charter and roadmap discussion
- Joint consent receipt work
- Legal/business/trust (related to the above) (see relevant issues)
- Extension opportunities (see relevant issues)
- What else?
Mike has mentioned an extension idea around JSON Logic, which describes a simple way to get AND/OR logic and has a lot of libraries. See this use of it; the idea is that the RS could express that the user could have (or the resource is associated with?) scope X OR scope Y (or something like that). Mohammad Jafari has recently release a new UMA server called Pauldron that implements some extension ideas. Eve and James have been discussing UMA requirements with some customers that may result in some extension proposals. We have saved off a variety of issues that might be interesting to look at once again. Justin notes that protected discovery may need some work.
Profiles are also interesting. Many probably want to remain third-party, but it would be nice to point off to them. Financial use cases are interesting. The Pensions Dashboard use case starts with a phase that's "mostly plain OAuth" with a bit of stuff where UMA is helpful, but then proceeds to a classic Alice-to-Bob sharing flow.
AI: Eve: Reach out to find what happened to the Pensions Dashboard profile doc and see if the WG should be pointing to it.
So what's our list of anticipated activities?
- Joint work with consent receipts
- Legal/business/trust (consider changing subgroup name?)
- Extension opportunities – decide which become work items as required
- Promote adoption – could offer guidance on profiling and extension creation by third parties in various sectors (gov, fintech, healthcare...)
- Promote interop? – known that it's challenging
Our familiar discussion about interop: Cross-matrix testing is not that great an experience or productive. A test framework is better. UMA, like OAuth itself, is more challenging to test than something like OIDC (it can protect any API, and more, it has more moving parts that have to interoperate). Assumption: Only AS conformance testing would be on the table first, as only OP conformance testing was done for the first long while.
Justin is involved in the OB testing effort. A lot of community members would be interested to throw in on a broader conformance testing effort.
AI: Eve: Produce charter draft for review.
Updates on auxiliary material editing if any
tbsNo updates.
Attendees
As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)
...
- Domenico
- Sal
- Maciej
- Eve
- Mike
Non-voting participants:
- James
- tbsJustin
- Mark