...

2017-07-07

Attending: Eve, Kathleen, John, Ann, Mark, Tim

Tim sent definitions according to the "exercise" Eve set. He derived many of them from UCITA and some from prior UMA materials, including the draft model clauses; "protected resource" is new and may need more work.

Let's treat these definitions not as final model definitions, but as our working draft that could be published in deliverable #3 (potentially accompanied by some diagrams showing mapping relationships) to show where the framework is headed. We can all review the document prior to the next call and send comments.

Access Contract: A contract or agreement to obtain by electronic means access to, or information from, an information processing system of another Person, or the equivalent of such access. What is the difference between an access contract and an information sharing agreement? The former is a term out of UCITA law, so that's why he grabbed it.

Resource Owner: A Person with legal authority to grant access rights to Protected Resources; authorized to delegate access control functions to an ASO and to license access and use rights (permissions) relating to Protected Resources; acts as licensor to the Resource Server Operator. Do both parts of the second clause relate to the ASO, or does licensing access and use rights pertain to the RO alone and not something the ASO mediates? The theory was that the ASO mediates this because it manages and executes/makes decisions on the RO's policies (which it does). Does taking out "and" in "and to license access" fix this, roughly? It seems so.

Note: In UMA, the policy does not inherently travel with the resource, without some other layer of technology ("sticky policy" technology or similar). Do we need to define Policy (or Authorization Policy) vs Business Policy somehow? Does that add value to what we're doing?

Person: An Individual or Legal Person. Great, same as before.

Legal Person: A legal entity means a corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, governmental subdivision, instrumentality, or agency, public corporation, or any other legal or commercial entity. This seems to need just a touch of wordsmithing, e.g., "A legal entity; a corporation...".

Protected Resources: All data, applications, or software in which a Person either has Informational Rights or gives the Person the ability to exercise Informational Rights. First, should this be singular? Second, regardless of singular or plural, the RSO has inherent authority in various aspects of "what counts as a resource" and "what types of access are possible to perform on a resource", as described here (so possibly it's worth breaking down into Resource and then Protected Resource, as the former is RS-related and the latter is AS-related?). Is it interesting to consider mentioning "URI" as the location of the resource somehow, or no?

2017-06-30

Attending: Eve, Tim, Kathleen, John W, Bjorn, Colin, Mark L, Sal, Mary

...