...

  • Roll call

  • Approve minutes of UMA telecon 2016-12-01

  • Logistics

    • Hold WG votes on specs this month (as often as we like?), and add publicity
    • WG vote on proceeding to Public Review no later than Feb 9 (Feb 16 is RSAC; no meeting)
    • Refer to telecon 2016-12-01 minutes to see how voting/balloting process goes
  • UMA V2.0 work

    ...
    • Complete set math decisions today: see email proposal
    • Proposal for "the rest of the issues to consider/take out of the backlog"; let's decide the final list by our first meeting in January and figure out our completion roadmap:
    • Use Cases for FHIR Security Authorization with Patient Consent ("cascading authorization servers")
    • Shoebox endpoint/"audit whether RS gave access per permissions" (issues 24224)
    • Hashed claims discovery (issue 254)
    • Issues that came up in editing:
    • What is the proper way to complete the specification of the UMA grant? e.g., how do the client's credentials actually get used in the flow?
    • Remove policy-specific resource/scope description properties from RReg and add as extensions in Core?
    • claim_token_profiles_supported: Provide real profiles for OIDC and maybe SAML?
    • What to do with the extensibility profiles?
    • Need to have IANA registry entries for both old uma-configuration and uma2-configuration?
    • Issues to discuss in the telecon:
      • 266: Set math
      • 264: Authentication-related error details
      • 254: Hashed claims discovery
      • 263: Claim token profiling / 119: Create an IANA registry for URIs that stand for claim token formats
      • Shoebox (stretch goal; let's make assignments for proposals for next week):
        • 246: Endpoint for collection of "receipts" and notifications of RS action in case of extraordinary behavior / 245: Location Constraints / 224: RS Notifies AS or RO of Access / 63: Audit logs to support legal enforceability / 24: Possible to audit host's compliance in giving access based on a legitimate active permission from the AM?
      • 260: Cascading authorization servers (stretch goal; let's plan to study this and decide whether it's in the WG's scope by next week)
    • Issues that will close with no action if no one brings them up for discussion by next week:
      • 261: Caching token inspection results
      • 249: Is there a way to elevate trust in Client Operators further, with a claims-like mechanism?
      • 108: Protection and authorization scopes implicit/recommended vs. MUST? 
  • AOB

Minutes

Roll call

Quorum was not? reached.

...

Approve minutes of UMA telecon 2016-12-01: tbs?

Logistics

  • Hold WG votes on specs this month (as often as we like?), and add publicity
  • WG vote on proceeding to Public Review no later than Feb 9 (Feb 16 is RSAC; no meeting)
  • Refer to telecon 2016-12-01 minutes to see how voting/balloting process goes

...