...

...

Eve: Until we get more input from people representing requesters, should we take Paul's current proposal as a strawman?

Paul: We should make it a separate modular spec. And there's an argument to be made for pushing a common signing solution across all of JSON usage, not just for UMA or WRAP purposes.

General spec wrangling

Paul analyzed WRAP a lot more closely in the last couple of weeks. An issue it doesn't address (something we were already aware of) is scoping the access token. If a WRAP client needs to ask for access to a Protected Resource at the Authorization Server, it needs to scope it in some reasonable way in order to get a token that will work. If WRAP "replaces" OAuth, this isn't as big an issue. But if you try to use WRAP to satisfy UMA use cases, it's significant. Our authorization resource on the AM is our mechanism for this, at the "cost" of not allowing the UMA AM to hand an opaque token to the UMA Requester to just convey over to the UMA Host.

...