...
- Special Wednesday time, 8-9am PT
- Screenshare and dial-in: http://join.me/findthomas
- UMA calendar: http://kantarainitiativekantara.atlassian.orgnet/confluencewiki/display/uma/Calendar
Agenda
Roll call
Approve minutes of UMA telecon 2017-08-17
- Schedule for upcoming weeks
- No meeting Aug 30; use this time to review forthcoming specs preparatory to voting in a WG e-ballot for Draft Recommendations
- Candidate motion when we're ready: "Approve UMA 2.0 Grant rev nn and FedAuthz rev nn as amended by the instructions of UMA telecon 2017-xx-xx as Draft Recommendations and forward them to the Kantara Leadership Council to request immediate certification for an All-Member Ballot as Recommendations."
- No meeting Aug 30; use this time to review forthcoming specs preparatory to voting in a WG e-ballot for Draft Recommendations
- UMA V2.0 work:
- Disposition of Comments/GitHub issues for V2.0/Grant swimlane/FedAuthz swimlane/Release Notes/UIG/Wikipedia/Grant rev 06/FedAuthz rev 06
- Issue #348: No means no: see issue thread and also new email: decide today (related to issue #349 regarding invalid/expired RPTs – okay to upgrade them?)
- Issue #347: We say it's not an error when client doesn't pre-register for a scope it requests, but should this be left flexible or made a definite error? See issue thread
- Optional on issue #335d: add new swimlanes to spec or UIG?
- UMA2 logo discussion (defer till we're in All-Member Ballot)
- AOB
...
Approve minutes of UMA telecon 2017-08-17: Deferred.
Schedule for upcoming weeks
...
- We choose this option: Clarify the current wording to explicitly prohibit the AS from re-evaluating policy: "The authorization server MUST NOT perform an authorization assessment calculation on receiving the client's request to refresh an RPT."
- We want to move 99% of FedAuthz Sec 1.4.1 to Grant Privacy Considerations (except for the PAT part). The PAT part should remain in FedAuthz, and it should be part of the Privacy Considerations.
- Currently it says "Supplying an existing RPT gives the authorization server the option of upgrading that RPT instead of issuing a new one (see Section 3.3.5.1 for more about this option)." We should add "Supplying an existing RPT (which MAY be expired) ..." This is sufficient for indicated indicating that this isn't an error condition.
- Create a new issue for James's idea of making the permission ticket optional when upgrading the RPT, and put the "extension" label on it.
...