NOTE: As of Sept 15, 2022, quorum is 4 of 6. (Peter, Sal, Alec, Eve, Steve, Sophia)
Voting:
Steve
Alec
Peter
Sal
Non-voting participants:
Nancy
Regrets:
Quorum: Yes
Meeting Minutes
Approve previous meeting minutes
Approve minutes of UMA telecon 2023-01-12, UMA telecon 2023-01-19, UMA telecon 2023-02-02, UMA telecon 2023-02-09, UMA telecon 2023-02-17, https://kantara.atlassian.net/wiki/spaces/uma/pages/158400513/Copy+of+UMA+telecon+2023-03-02?NO_SSR=1, UMA telecon 2023-03-09, UMA telecon 2023-03-16, UMA telecon 2023-03-23, UMA telecon 2023-03-30, UMA telecon 2023-04-06, UMA telecon 2023-04-20, UMA telecon 2023-05-04, UMA telecon 2023-05-18, UMA telecon 2023-06-15, UMA telecon 2023-06-29 (previously deferred - no quorum)
Alec motions to approve the minutes, Steve seconds.
Motion passes
Topics
Pensions Dashboard Use-case report
Draft will be worked on here: Pension Dashboard Use-Case Report
Could we add a section that extends this pattern to other areas (e.g. Healthcare HIEs as a record locator)?
- Steve Venema will review/edit the intro section
- Hanfei Qu is working on the use-case flow
- Alec Laws will add the text for the BOLTS section
Please update the mailing list when your action item is complete!
Federated Authorization Only (no UMA Grant) use cases
Cross-agency data sharing, health to DMV.
Person is trying to apply to the DMV, Person has previously done an evaluation with their Health Care Provider which is stored in a Health DB, available via API.
ACME runs a shared Identity Provider and AS(UMA) for individuals, where both Health and DMV are clients of this identity service.
ACME provides different subjects to each client, so it’s difficult for those organizations to determine who the individual is from the identifier alone.
ACME -(subjectA)-> OrgA
ACME -(subjectB)-> OrgB
Person1 is both subjectA and subjectB
OrgB has information about Person1 that OrgA would like to request
New linking subject approach (custom):
OrgA -(request identifier in OrgB namespace)-> ACME -(subjectC mapped to Person1)-> OrgA
UMA approach:
OrgB -(login request w/ Person1 w/ uma_protection scope)-> ACME (authenticates Person1) -(PAT with subjectB)-> OrgB
OrgB -(register UMA resource for subjectB’s PAT)-> ACME -(resource id X)-> OrgB
* OrgB -(personalized resource location /patient/randomid)-> Person1
…later
* Person1 -(personalized resource location)-> OrgA
* these steps put the onus on the end-user to transfer this URL
OrgA -(login request w/ Person1 w/ ??? scope)-> ACME -(access token, resource id X)-> OrgA
OrgA -(data request (for resource id X) w/ access token)-> OrgB -(introspection: which PAT?)-> ACME -(resource id X + scopes)-> OrgB -(subjectB’s information)-> OrgA
Instead of having the Person get a URL from OrgB and give it to OrgA, could the AS give OrgA the resource id based on a scope?
What is the actual information being disclosed? Does it matter?
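The UMA approach sketched above, as an added Python model of the exchange (not UMA spec code and not the group's own work); the "read" scope, the /patient/<id> location shape, and the in-memory ACME are assumptions, since the minutes leave the scope open.

```python
import secrets

class AcmeAS:
    """ACME as shared IdP + UMA AS: pairwise subjects, PATs, resource registry, tokens."""

    def __init__(self):
        self.pairwise, self.pats, self.resources, self.tokens = {}, {}, {}, {}

    def login(self, person, org, scope=None):
        # Pairwise subject, stable per (person, org): OrgA and OrgB cannot correlate
        # Person1 by comparing identifiers, which is the linking problem in the minutes.
        subject = self.pairwise.setdefault((person, org), f"sub-{org}-{secrets.token_hex(4)}")
        pat = None
        if scope == "uma_protection":  # OrgB asks for a PAT bound to subjectB
            pat = secrets.token_urlsafe(16)
            self.pats[pat] = (org, subject)
        return subject, pat

    def register_resource(self, pat, scopes):
        org, subject = self.pats[pat]
        rid = f"res-{secrets.token_hex(4)}"  # resource id X
        self.resources[rid] = (org, subject, frozenset(scopes))
        return rid

    def issue_token(self, person, requesting_org, resource_id, scopes):
        # Ownership is resolved through ACME's own pairwise map; OrgB's subject is never
        # handed to OrgA. Returns None when policy denies the request.
        owner_org, owner_subject, allowed = self.resources[resource_id]
        if self.pairwise.get((person, owner_org)) != owner_subject or not set(scopes) <= allowed:
            return None
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (requesting_org, resource_id, frozenset(scopes))
        return token

    def introspect(self, token):
        return self.tokens.get(token)  # (requesting org, resource id, scopes) or None

def run_flow(acme, person="Person1"):
    """Walk the OrgB -> Person1 -> OrgA -> OrgB exchange sketched in the minutes."""
    subject_b, pat = acme.login(person, "OrgB", "uma_protection")
    health_db = {subject_b: "evaluation record"}  # constructed OrgB data, keyed by its subject
    rid = acme.register_resource(pat, ["read"])  # "read" scope is an assumption
    owner_of = {rid: subject_b}  # OrgB remembers which of its subjects owns X
    url = f"https://orgb.example/patient/{rid}"  # personalized location given to Person1
    # ...later: Person1 hands the URL to OrgA, which logs in at ACME and asks for X
    subject_a, _ = acme.login(person, "OrgA")
    token = acme.issue_token(person, "OrgA", url.rsplit("/", 1)[1], ["read"])
    # OrgB introspects before releasing data; it learns X and scopes, not subjectA
    info = acme.introspect(token)
    data = health_db[owner_of[info[1]]] if info and info[1] == rid and "read" in info[2] else None
    return {"subject_a": subject_a, "subject_b": subject_b, "resource_id": rid, "data": data}
```

The resource id is the only handle that crosses the OrgA/OrgB boundary, so neither organization learns the other's pairwise subject for Person1.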
How could we use funding from Kantara?
AOB
mDL ISO-7 has an OIDC profile that we should investigate, specifically, there are some out-of-scope items
Consent in Healthcare, people want to know more about UMA, how can we facilitate a session around this, or gather some input for what people want to know
Could we get an HL7 stream of work/connectathon going, under an existing work group?
Stewards of Change has a consent working session with a group that is potentially ready to engage
Do we need to bring content to them, or have them join a call with us where this is the one topic?
It’s very early days even for federated identity, let alone authorization…
Alec will remove Sophia from voting status after this call, due to their lack of attendance
We will cancel the July 27th call; our next call will be Aug 10th, where we will review the Pension Dashboard report.
Potential Future Work Items / Meeting Topics