UMA telecon 2020-08-
...
13
Date and Time
- Alternate-week Thursdays 10am PT
- Screenshare and dial-in: https://global.gotomeeting.com/join/485071053
United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantarainitiativekantara.atlassian.orgnet/confluencewiki/display/uma/Calendar
Agenda
- Approve minutes of UMA telecon 2020-07-09, 2020-07-16, 2020-07-23, 2020-07-30, 2020-08-06
- Relationship Manager profile
- AOB
...
- Approve minutes of UMA telecon 2020-07-09, 2020-07-16, 2020-07-23, 2020-07-30, 2020-08-06
Deferred.
PKCE and UMA
Do we, in fact, have to say anything about repeated ICG cycles. You get a refreshed ticket from the redirect cycle, and don't have to "pass go" (go through the token endpoint) when you do that. If a token call is made, then we're good because there's a natural mitigation. If not, then we probably need to do more analysis. Calling Former user (Deleted) – any opinion?
...
Big question: Is it possible for the two APIs to be specified entirely separately, because they could be called separately?
Maybe – or maybe not, since the "wallet" concept and individual control were at the heart of the original proposal. Sal says: I think RO_RQPT is at the crux, and to solve the Notice and Consent "Problem" is that the RO_RQPT needs to be in possession of policy and that consent is agreed not forced down. Thomas adds: The RM is the point at which to set consent rules.
...
- Scott
- Alec
- Adrian
- Patrick
- Bjorn
- Nancy