Versions Compared

Old Version 1

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 2

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Roll call
  • Minutes approval
  • Quick hits:
    • Webinar report
  • Binding Obligations next steps
  • AOB

Minutes

Roll call

Quorum was reached.

Minutes approval

MOTION: Approve the minutes of UMA telecon 2015-04-16. APPROVED by unanimous consent.

Binding Obligations ad hoc report/review

We're not sure if all who are interested are getting the notifications, so we recommend sending them to the whole list.

One question in this general area: Are we paying any attention to the cyberinsurance area? Is that worth a Kantara DG, perhaps? Adrian is looking for benchmarks for privacy-preserving and security technologies. Would that field provide monetary metrics/valuation around this? Mike observes that UMA might or might not ameliorate a person's risk, and it's implementation-dependent. CISWG is another place where risk could be mitigated: a company gets a safe harbor by getting a receipt.

Personal discovery discussion/next steps

George walked us through his swimlane that proposes how to use UMA to protect a webfinger-based discovery service. In his scenario, a patient walks into a doctor's office, where the office app (autonomous?) is an UMA client, starting out without credentials, and the discovery service is an UMA RS. The client has to dynamically register for credentials. As an optimization – assuming that any access controls applying to discovery of the resource also apply equally to the resource itself – the JRD can reveal either something like a standalone RPT that the client can present at the actual resource, or maybe claims that can be presented to get access to the resource, or something similar.

Adrian notes that patient matching is a huge issue, and this swimlane potentially solves some big challenges. However, it uses "foreign language" with respect to patient ID and such. Where is the identity perspective in this picture?

What's the right forum and form for doing something about this? Is it a profile where UMA protects webfinger? Is it the UMA WG? A number of events are coming up, such as EIC and CIS, where we could push this forward. Should we hold BOFs? Maybe this should be a high-priority wishlist/backlog item. Andi notes, with his CIS hat on, that there's an opportunity for people to do this there. And George is doing a talk on exactly this, so a BOF right after would be perfect.

Webinar planning and advertising

Joni is publishing a press release on the occasion of the V1.0 publication of the UMA Recommendations. All those on the WG who wish to have a quote published as part of the blog post containing the press release should submit the quote to her by Monday morning. Eve, Maciej, and Thomas (being the leadership team) can submit quotes for the short pushed press release.

Eve and Maciej will draft webinar content while at EIC together next week.

...

    • Virtual plenary in late June
    • Should we keep up the APAC-friendly meeting times the first week of every month in June++?
  • Binding Obligations review and next steps:
    • Real-life use cases
    • MVCR/OTTO liaison activities
    • Legal analysis
    • "Commitments"
  • AI review and AOB

Minutes

Roll call

tbs

Minutes approval

tbs

AIs

Outstanding AIs:

  • AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
  • AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
  • AI: Sal: Fill out IDESG form to have UMA adopted as a recommended standard for use in the IDESG framework.
  • AI: Mike: Rework UIG section on organizations as ROs and RqPs.AI: Eve: Edit UIG (Mike's input, Zhanna/Andi's input).
  • AI: Eve: Update GitHub.
  • AI: Maciej: Write as many sections for the UIG as he can.
  • AI: Justin: Write a UIG section on default-deny and race conditions.
  • AI: Eve: Send suggested Wikipedia updates to Will at Gluu for English page updating, and to Domenico for Italian page updating, and to Rainer for hoped-for German page updating, and to Riccardo Abeti for the Spanish page, and to Mark for a Dutch translation.

...

As of 23 Apr 2015, quorum is 8 of 15. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike S, Jin, Ishan, Ravi, John, Mike F, Chris)

  1. Eve
  2. Chris Shawn - works for US VA in healthcare security and compliance requirements
  3. Andi
  4. Mike S
  5. Domenico
  6. Maciej
  7. Ishan
  8. Sal
  9. Jintbs

Non-voting participants:

  • Rene Mulder - IAM architect in NL - also in IRM WG
  • Colin
  • Zhanna
  • Jin
  • Marcelo
  • George
  • Adrian

 

...

  • tbs