UMA telecon 2010-02-04
| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Date and Time
- Day: Thursday, 4 Feb 2010
- Time: 9:00-10:30am PST | 12:00-1:30pm EST | 17:00-18:30 UTC (time chart)
- Dial-In:
- Skype: +9900827042954214
- US: +1-201-793-9022 | Room Code: 295-4214 (other local country numbers available on request)
...
- Trent Adams
- Mike Hanson
Agenda
- Roll call and introductions
- Approve minutes of UMA telecon 2010-01-28
- Action item review
- Webinar recap
- Implementors' report
- Lexicon discussion
- Scenario review
- Custodian (splitting authz-side parties)
- Health data (trusted dynamic resource discovery)
- Employer/employee (other mandatory access control)
- AOB
Minutes
New AI summary
Eve | Open | Revise requester and authorizer definitions for review. | AI extended to include authorizer terms on 2010-02-04. | |
Iain | Open | Share Mydex screen shots that illustrate how a relationship manager UX can be handled. |
|
Roll call and introductions
Quorum was reached. Tom S. introduced himself; he's a lawyer practicing at a firm in Chicago. He chairs an ABA legal task force focusing on all forms of identity management.
Approve minutes of UMA telecon 2010-01-28
Motion to accept minutes of UMA telecon 2010-01-28 APPROVED.
Action item review
- 2009-10-15-2 Eve Open Write a "Hey, Sailor" scenario to illuminate the needs around Requesters that ask for resource access without the User expecting them: She's going to try real hard to dispense with this soon.
- 2009-12-03-04 Eve Open Add terms-negotiation scenarios to Scenarios document: It has seemed more practical to wait on this until we get our requester concepts straight, since "requester identification" is the lowest hanging fruit among the terms scenarios (and that one is at least drafted already).
- 2009-12-17-4 Eve Open Propose a requirement or design principle about constraining our V1 scope to "full-blown" sites: The issue here was whether the protocol needs to change depending on whether someone who is controlling a requester or host is using some sort of unusual device or rich Internet application. Paul suggests that for requesters, the answer is no. And even if a host is, well, hosted on an iPhone, as long as it presents a web service endpoint on the network, nothing seems to need to change. Joe's company has some use cases (not documented for UMA purposes yet) that involve hosting information on your client device and possibly "pushing" it somewhere (to a requester after a terms negotiation phase). George proposed a way to handle this with only a slight deviation from the normal flow.
- 2010-01-14-2 Eve Open Revise requester definitions for review: OBE.
- 2010-01-14-3 Domenico Open Develop wireframes for approved scenarios: Maybe the next one should show user consent by SMS in real time.
- 2010-01-14-5 Eve, Paul, George Open Construct a draft use-case email for OAuth IETF group consumption: now closed.
- 2010-01-28-2 Joe Open Edit protected inbox scenario in response to telecon and email discussion: Joe will get started on that.
- 2010-01-28-3 Paul Open Propose in email how multiple protections on a resource could work: now closed.
...
The webinar materials are all now available from the UMA Explained page. Thanks to Joni and Dervla for managing to get the recordings up! The WebEx experience was disappointing. We can leverage what we learned this time in future, but we're inclined to switch services.
...
ICF has a claims catalog as a public service; maybe we'll end up doing something similar for convenience.
Deferred
- Custodian (splitting authz-side parties)
- Health data (trusted dynamic resource discovery)
- Employer/employee (other mandatory access control)
- And the "multiple protections on a resource" thread
...