UMA telecon 2018-12-06

Date and Time

• Thursdays 9am PT
  • Screenshare and dial-in: https://global.gotomeeting.com/join/857787301
  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Roll call
• Approve minutes of UMA telecon 2018-11-15 
• Identiverse call for presentations is open
• FYI, the Implementations page has been updated
• Meeting logistics
  • Doodle poll is open for new meeting time in the new year
  • Meeting at the usual time (Thursdays 9am Pacific) on Dec 13 and 20; not meeting on Dec 27
• 180 degrees / decoupled / CIBA use cases
  
  • Secure, trusted sharing in both directions
  • Use case doc from Nancy
  • Latest CIBA specs: MODRNA status page, FAPI profile
• AOB

Minutes

Roll call

Quorum was reached.

FYI, the Implementations page has been updated

In about two months (that's the HIMSS timeframe -- Feb 11-15 in Orlando), there may be an update to the HIE of One listing reflecting the product side (Trustee). Adrian could be interested to attend HIMSS if there is someone willing to pay his way. And perhaps we should look at interop testing at HIMSS.

Mike will update the Gluu listing to reflect the upcoming December ship date of the Gluu Gateway and the "Swaggerization" of the RS and (updated) client code. Swagger (technically OpenAPI is what they're using) is a kind of machine-readable API documentation that allows automated stubbing-out of applications. It's not the only API description language but it's pretty much the most popular. Since oxd is basically middleware (using Lua), its Swagger isn't that interesting for a larger Swaggerization project. They changed it a lot, taking out "mix mode".

What would it take to add an UMA module into Swagger? Then infrastructure would already be available to the online testing tools. If you could document which UMA scopes are required, security provisioning could be automated. Mike will share what they've already done. It may or may not be that helpful given the need to customize.

Meeting logistics

• Doodle poll is open for new meeting time in the new year – this is a sample week, and likely the first week we would start the new time if we pick one
• Meeting at the usual time (Thursdays 9am Pacific) on Dec 13 and 20; not meeting on Dec 27

Approve minutes

• Approve minutes of UMA telecon 2018-11-15 

APPROVED.

Identiverse call for presentations is open

Here. Deadline is 11 Jan 2019.

180 degrees / decoupled / CIBA use cases

• Secure, trusted sharing in both directions
• Use case doc from Nancy
• Latest CIBA specs: MODRNA status page, FAPI profile

We analyzed the use case doc. The "group X" parties seem to be a species of requesting part that have a motivation to share an UMA resource owner's data that they are a custodian of (they are in an UMA resource server role, we think), but they carry some liability for inappropriate sharing so they are going to want to be extra-careful about "group Y" (Alice) being who they say they are (the UMA resource owner) and also about others (Joe and Erica, the UMA requesting parties) being who they say they are – meeting Alice's policy.

In previous discussions, we noted that the requesting party wants to ensure that it's truly Alice who is the resource owner. Is there also a need for the resource owner to know that Alice is the RO?

Is authentication (of Alice/the RO particularly) something that we can connect to auditability, as it relates to our UMA business model work? Right now the PAT is the main thing that is "in band". Sal notes that this could connect to consent receipts as well.

Eve has a plan to draft UMA business use cases and business/technical mappings (technical artifacts and legal devices) for people's perusal over the next couple of weeks. Andi says he'd also like to see us put some more thought into how we could handle cases where multiple resource owners exist for the same resource. Eve adds: These might include joint checking accounts, or two parents controlling a child's health record, etc.

UN Commission on Refugees

Tim asks if anyone has looked at their call for a proposal for blockchain-related identities being issued; he's been talking to Colin about it and wonders about UMA's relevance. Cigdem just started looking at it. Adrian notes that HIE of One combines UMA and self-sovereign technologies and has been working on similar use cases. Alec notes that Identos's solution similarly has UMA on one side and a self-sovereign type of technology on the other side. Nancy mentions some interest as well.

Colin remarks that responding to such calls tend to require a fair amount of resources and a big team. Kantara could potentially put a proposal together but a fairly large organization may need to prime the effort. Adrian mentions ID4D.

Attendees

As of 18 Oct 2018, quorum is 5 of 8. (Domenico, Peter, Sal, Andi, Maciej, Eve, Mike, Cigdem)

1. Peter
2. Sal
3. Andi
4. Maciej
5. Eve
6. Mike
7. Cigdem

Non-voting participants:

• Alec
• Adrian
• Bjorn
• George
• Nancy
• Colin
• Tim

Regrets:

• Domenico