UMA telecon 2010-10-14
| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Date and Time
- WG telecon on Thursday, 14 Oct 2010, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 | Room Code: 295-4214
Agenda
- Administrative
- Roll call
- Approve minutes of 2010-10-07 meeting
- Agenda-bashing for both upcoming F2Fs
- Action item review
- Bounty proposal review and approval
- Updates from the wider UMA world
- Second review of proposed scenario dimensions
- New trusted claims proposal?
- Domenico's previous trusted claims writeup and UX wireframes
- Revisit scope discussion and plan for its conclusion
- Thomas's access control proposal
- AOB
...
- Adams, Trent
- D'Agostino, Salvatore
- Fletcher, George
- Hardjono, Thomas
- Hoffmann, Mario
- Holodnik, Tom
- Lodderstedt, Torsten
- Machulak, Maciej
- Maler, Eve
Non-voting participants:
- John Bradley
- Kevin Cox
- Herve Ganem
- Mark Lizar
- Cordny Nederkoorn
- Mike Seilnacht
- Anna Ticktin (staff)
Regrets:
- Domenico Catalano
- Lukasz Moren
Minutes
New AI summary
Eve | Open | Revise bounty program proposal and work with Dervla to announce it as soon as possible. |
Roll call
Quorum reached.
Cordny is from Holland. He's a software tester, interested in authn and authz of web applications.
...
Mike is a software architect at Intuit, and has just moved into a security architect role.
Approve minutes of 2010-10-07 meeting
Minutes of 2010-10-07 meeting APPROVED.
Agenda-bashing for both upcoming F2Fs
...
- Conclude resource/scope registration decision-making (Maciej will plan to present on this topic)
- Drill down into the location scenario and its constituent use cases
- (optional) Push forward trusted claims if possible
Action item review
- 2010-09-02-1 Thomas Open Categorize all existing scenarios by their distinctive aspects. Progress made.
- 2010-09-16-1 Mark Closed Update main trunk of the Legal Considerations document with Legal subteam input.
- 2010-10-07-1 Eve, George Closed Draft/review a bounty announcement that identifies clear rules of engagement and near-term deadlines.
- 2010-10-07-2 Sal, Domenico Open Propose the next version of the trusted claims solution, making appropriate simplifying assumptions.
...
Sharing models dimension: The purpose of this one is primarily to figure out what sort of OAuth interaction is required on the authorizing and requesting sides. It also impacts the type of policies and claims that might be seen. Person-to-rep sharing would probably drive identifier claims about the company name, not the representative's name. The company would have delegated some rep to do an Alice-authorized task, though this may be outside the view of UMA. Mark has been continuing to work on the Legal Considerations document, which is where we have currently captured quite a lot of these distinctions. He'll work on including more of this conversation into that document.
...
Mark asks: How could notice be given about the policies being adhered to by the requesting side? Eve observes that OAuth (and therefore UMA) let you expire refresh tokens, forcing a requesting party to re-supply claims (the nature of which may have changed in the interim). John points out that the window of token validity may be longer than the period where you want to have such an opportunity; he also observes that in an OAuth world, the concept of "notice" may not apply very well.
Next Meetings
- WG F2F on Wednesday, 20 Oct 2010, at 9am-noon CET (time chart) - no dial-in, and no telecon this week
- WG telecon on Thursday, 28 Oct 2010, at 9-10:30am PT (time chart) on line C
- WG F2F on Monday, 1 Nov 2010, at 11am-5pm PT (time chart) - no dial-in, and no telecon this week
- WG telecon on Thursday, 11 Nov 2010, at 9-10:30am PT (time chart) - Maciej to chair?