UMA telecon 2010-05-13


  • Administrative
    • Roll call
    • Note: No telecon May 20 due to IIW/OAuth meeting
    • Nominations for vice-chair and spec editor are open
    • Approve minutes of 2010-04-22 and 2010-04-29 meetings
    • Action item review
    • Set up UMA chat room?
  • EIC workshop report
  • Review IIW-week plans
  • Discuss protocol issues
    • Any SMART project showstoppers
    • Christian's issues sent to the list
    • UX and interop for Step 2
    • Claims 2.0
    • Any others
  • Report from legal subteam on progress and next steps
  • AOB

Attendees


As of 13 May 2010 (pre-meeting), quorum is 6 of 10. (Brian Armstrong became non-voting, and Christian became voting, just before the meeting.)

  1. Adams, Trent
  2. Catalano, Domenico
  3. Fletcher, George
  4. Machulak, Maciej
  5. Maler, Eve
  6. Scholz, Christian

Non-voting participants:

  • Mark Lizar

Regrets:

  • Tom Holodnik
  • Thomas Hardjono
  • Lukasz Moren
  • Paul Bryan

Minutes

TBS

Next Meeting: UMA telecon 2010-05-27

  • Day: Thursday, 27 May 2010
  • Time: 9:00am-10:30am PST | 12:00-1:30pm EST | 16:00-17:30 UTC (time chart)
  • Dial-In:
  • Skype: +9900827042954214
  • US: +1-201-793-9022 | Room Code: 295-4214 (other local country numbers available on request)

New AI summary

  • 2010-05-13-1 Eve Open Incorporate Tom's TaxMonkey scenario into the Scenarios document.
  • 2010-05-13-2 Eve Open Print the IEEE S&P poster in smaller form for distribution at IIW.
  • 2010-05-13-3 Christian Open Spec out a "requester metadata" flow.

Roll call

Quorum achieved.

Note: No telecon May 20 due to IIW/OAuth meeting

Confirmed. No meeting next week.

Nominations for vice-chair and spec editor are open

We'll leave nominations open until our next telecon (May 27). Please feel free to send nominations to Eve or to the Kantara staff@ alias.

Approve minutes of 2010-04-22 and 2010-04-29 meetings

Minutes of 2010-04-22 and 2010-04-29 meetings APPROVED.

Action item review

  • 2009-12-03-4 Eve Open Add terms-negotiation scenarios to Scenarios document.
  • 2010-03-10-2 Maciej Open Do next round of spec editing. We'll target spec edits to catch up to implementations by the demonstration timeframe. Eve and Maciej will coordinate on this.
  • 2010-03-10-6 Joe Open Revise the protected inbox scenario for next week's call.
  • 2010-03-25-1 Paul/TomH Open Send email giving examples of how a resource-oriented scope approach is necessary. Now "overcome by events".
  • 2010-04-08-2 TomH Open Revise the tax scenario for inclusion in the Scenarios document. Let's consider this closed because he sent email on it.
  • 2010-04-29-1 Domenico? Open Revise Claims 2.0 and SAAC specs. To be done by May 6. Consider this closed; Domenico will send his proposal to the list.

Set up UMA chat room?

Christian has done so! He will send email to the list about this. Trent suggests turning on logging, so that new entrants can get the context.

EIC workshop report

Domenico took some photos and video of the event, which he's preparing for next week (hmm!).

Review IIW-week plans

Maciej will be presenting an UMA poster both at IIW and at the IEEE Security and Privacy poster session on the Tuesday night in Oakland. Domenico prepared a (gorgeous) poster in A0 form, which Maciej has printed and will bring with him from the UK. He can display this at IIW too.

Lukasz is attending IIW as well. So are Mark, Eve, TomH, etc. We'll definitely sign up to host a "discussion session" (in which we should definitely do the SMART demo first, and then see where the discussion goes) of UMA, and we should be prepared to sign up for any demo speed-dating sessions. Should we show the Python prototype at all? We may not want to run it as a demo, but it may be valuable for people who learn best by reading Python.

Both the SMART and Python implementations use a "core" flow, without yet showing (e.g.) dynamic host/AM introduction or claims. So what's different from OAuth? Mainly that the user can craft policies that impact whether the requester can get a token – including requiring the requesting party to send (self-asserted for now) claims! So this is a major leap forward in user-driven policy, even without some of the fancier features.

The major differences between OAuth2 and UMA are:

  • Terminology: Resource Owner => Authorizing User
  • Terminology: Resource server => Host
  • Terminology: Authorization server => Authorization Manager
  • Terminology: Client => Requester
  • Protocol/trust: The auth and resource servers meet out of band => Host and AM can meet dynamically (using OAuth or UMA!)
  • Protocol/trust: The resource server and client meet out of band => Host and Requester can meet dynamically
  • Protocol: Authz is binary: you get a token or you don