...
Minutes
Roll call
Quorum was not ? reached.
Approve minutes
Approve minutes of UMA telecon 2017-03-02: tbs
Logistics
Deferred.
UMA V2.0 work
Andrew's insight about #296 was that this "profile" was essentially "OAuth". :-) In other words, that's the typical way people use OAuth grants. So would having an inner and outer spec help? The inner would be just the UMA grant, or maybe the grant++: adding the set math, say, and whatever other logic is needed given that this grant includes a requesting party and so on. But it doesn't seem to need the addition of the resource ID concept, for example, because that's "private" between the AS and RS. The outer would include all the protection API elements.
Ishan notes Ping has (now ) struggled with finding the fit with the whole UMA proposition, so putting RS constraints on what the RO can share would help. Eve notes that, AS-RS tight or loose, the RS's dedicated client (in the realm of enterprise authorization rules -- whether that uses UMA or not) would be able to apply constraints before Alice can "share" some resource. Would consent receipts be the right place to capture Alice's intent in sharing a particular resource, e.g. payment amount, with Bob?
Ishan also mentions impacts of/on token binding. We discussed that last week as part of the PoP issue. Definitely worth the full analysis.
...