Versions Compared

Old Version 2

changes.mady.by.user Eve Maler

Saved on

compared with

New Version Current

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Eve will reach out to those likely most affected if the series is changed to see if those people would mind if she offers ad hoc syncs instead.

Roll call

Quorum was not reached.

Approve minutes

Approve minutes of UMA telecon 2016-02-25: APPROVED

...

RSA: Eve and Josh Alexander presented, and Eve got to spend a few minutes on UMA in the talk. She has been hearing repeatedly that UMA has been coming up in "third-party" conversations she isn't in. (smile) She has die-cut stickers to give UMAnitarians, and they got snapped up at RSA. She also had interesting side conversations about health and , energy sector , other use cases for UMA . Some interesting tweets: ()()()()(relevant tweet).

HIMSS: Not a lot of UMA-related news. Justin gave an overview to the Argonaut and FHIR project folks, and it came up in conversation a few times. Adrian observes that they don't know of any pilots. François notes that he doesn't know of pilots either. Delegation is the key unique use case, where patients can delegate access.

...

(And don't forget to sign up for IIW.)

Why UMA?

Eve has asked Domenico (our UX and graphics editor!) to put together some material for our wiki to highlight the "Why?" of UMA for businesses as an important audience. He will share his research on the list. Eve would like to ask everyone to contribute new "collateral" to this area. The impetus was Robert asking Eve for use cases, and our finding that our Case Studies page doesn't suffice. Mike asks that we present Enterprise UMA more prominently as this is an easier sell than privacy. Therefore, Mike should contribute content. What about Pedro's use case?

...

  • Pumpkin security theater
  • John is big on putting together an interactive whiteboard why-and-how presentation
  • music video (this one is about privacy generally, from RSAC)
  • Other ideas for presentation

Issue 239

The main issue in the extension spec is whether it can coexist with the main spec or whether it "stomps on" the main spec. This likely affects the extension spec title, several instances of language, and the configuration data design – it should probably invent a new endpoint that exists alongside the original endpoint. Coexistence would dictate changing our previous consensus about seeing little reason to deploy the "unenhanced" claims-gathering mechanism. Reasons for coexistence would be backwards compatibility with the existing UMA spec(s), and we still could make arguments for someone having a specialized environment that does claims-gathering and doesn't really need the enhancement. Note that the old endpoint would be marked for eventual deprecation and disabling. An important question is whether it's even possible to not support the old endpoint. George argues for it to be possible for an AS not to support the "old" endpoint on security grounds. And in fact, this could be very clean because you just don't support the "claims-gathering method" as offered by regular UMA.

 And now there's a draft non-normative companion doc. Eve's thinking is that all vulnerabilities found in protocols such as this should come with docs like this as a kind of FAQ.

AI: Eve: Ask the WG about one more ad hoc meeting early next week to see about finalizing decisions on spec text so we can close out the issue next week and publish.

Attendees

As of 18 Feb 2016, quorum is 6 of 11. (François, Domenico, Kathleen, Sal, Thomas, Andi, Robert, Maciej, Eve, Mike, Sarah)

...