...
The reaction to the UMA topic in general was HUGE. One thought that occurred: What about presenting UMA as defining standard privacy APIs? This seems accurate and powerful! Perhaps we should prioritize our PbD spec work and associated collateral, such as an "UMA wrt PbD" FAQ, higher. There is a Privacy by Design user group meeting on in December (call for proposals sends Sep 27) discussing these matters where we could try and inject our perspective.
...
SAML and AS=C use cases (see email thread)
Mark's message of Aug 28 was about AS=C. The goal is dashboard-like functions. The dashboard gives insight about what's going on with information. Instead of just being about access controls, it can be helpful to see the data being managed as part of access. So the AS needs to be a C for the purpose of representing that data. The naive answer is that the AS would have to issue a token to itself. This seems inefficient.
...