UMA telecon 2010-03-25
| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Date and Time
N.B.: U.S. Daylight Savings Time is in force for this meeting, and UTC correspondingly "shifts". Locations that have not yet shifted to summertime will have a meeting-time skew.
- Day: Thursday, 25 Mar 2010
- Time: 9:00am-10:30am PST | 12:00-1:30pm EST | 16:00-17:30 UTC (time chart)
- Dial-In:
- Skype: +9900827042954214
- US: +1-201-793-9022 | Room Code: 295-4214 (other local country numbers available on request)
Agenda
- Roll call
- Approve minutes of 2010-03-18 meeting
- Action item review
- Eve report on IETF77 OAuth meeting
- Maciej report on paper submissions and plans
- Domenico report on UX progress and plans
- A user-experience testing victim has stepped forward! What next?
- TomH walkthrough of small-business scenarios
- Spec issues:
- OAuth's "three use cases" for signatures: what are UMA's use cases?
- Token profile questions (see also the Lexicon)
- Any hard need for refresh tokens to be issued in all cases, due to positioning of claims-required?
- Token validation models
- Greater modularity given potential wider interest in selected pieces of our functionality?
- Resource-oriented scoping and how to expand scope (as discussed on 2010-03-18)
- Needs for "identity tokens" as previously proposed by George et al. for access authorization claims?
- If time, discuss custodian scenario input received
- AOB
Attendees
...
- Hasan ibne Akram
- Iain Henderson
Minutes
New AI Summary
Paul | Open | Send email giving examples of how a resource-oriented scope approach is necessary. |
| |
Eve | Open | Add security consideration section to the spec with a placeholder for the "TurboTax use case". |
| |
Eve | Open | Create fresh protocol issues list based on 2010-03-25 agenda items. |
|
Roll call
Quorum was reached.
Approve minutes of 2010-03-18 meeting
Minutes of 2010-03-18 meeting APPROVED.
Action item review
Everything is under way.
...
Resource-oriented scoping and how to expand scope (as discussed on 2010-03-18)
Can we actually force the scope parameter in UMA to be resource-oriented? Paul would like to, but Eve would feel more comfortable making our scheme advisory and hoping it will spread ("catching flies with honey" and appealing to those who are already practiced in thinking RESTfully). There's a concern about artificially limiting our audience.
...
- Token profile questions (see also the Lexicon)
- Any hard need for refresh tokens to be issued in all cases, due to positioning of claims-required?
- Token validation models
- Greater modularity given potential wider interest in selected pieces of our functionality?
- Needs for "identity tokens" as previously proposed by George et al. for access authorization claims?
...