...
Eve believes the "automatic PAT issuance" use case will be particularly valuable in sector-specific use cases where a trust framework/broker situation requires use of a single AS (or short list of them). Is it worth profiling this formally? Yes, seemingly so, since this isn't a vanilla OAuth flow but an OpenID Connect-enhanced one. This logic would apply identically to the AAT issuance process and the requesting party, vs. the PAT issuance process and the resource owner. Essentially, since OpenID Connect-format user data is available through the federated login to the app (which may be an RS), this data can be leveraged for efficient PAT/AAT issuance.
See this github page for an example of the enhanced PAT request call .
Review of any action items we didn't already cover
tbs
If time: decide on issue 83
tbsto the Connect API.
AI: Maciej: Write up candidate spec/profile text to describe what's being done beyond current UMA spec text.
Attendees
As of 26 June 2013, quorum is 6 of 11.
...