...
NOTE: As of October 26, 2020, quorum is 5 of 8. (Michael, Domenico, Peter, Sal, Thomas, Alec, Eve, Steve)
Voting:
Steve
Alec
Non-voting participants:
Steve
Chris
Regrets:
Quorum: No
Meeting Minutes
Cancelled this meeting as there was some issues accessing the zoom bridge
Approve previous meeting minutes
...
Core UMA content (no use-case)
https://docs.google.com/document/d/1YU-AjYx6xmolHGowrlkC2fg_QRXjoP7BuAW7JuCaMM8/edit# (will need to request access)
Two goals
general UMA business value context
remove health care focus, or
Turn it into an IDPro article
UMA 101 content refresh
how to show a flow without getting “stuck” into a specific vertical, eg health currently? show many examples in many scenarios?!
Generic, sharing of ‘something’, how can we link to the business problem?
Two people want to both access some information
One person wants to share their information with a friend
https://www.forgerock.com/blog/why-forgerock-secure-sharing-trust-and-enforce
You own something and want to allow others to use it, however with some restrictions, constraints or assurances about it’s use
Could we have some building blocks of examples to make it more accessible, from real work analogy to photos/videos to ‘general file sharing’ to health record
Can we use a real world analogy? Neighbour want to borrow X (car) with some limitation (speed, distance)? Or rental agency
photos/video sharing, good bridge to digital space.
add user-directed, self-sufficient capability to the data you hold for people
banking scenario, individuals have own accounts, want to give some restricted access
value: cost savings for the business, allow self-service. Leads into competing policy enforcement (bank regulation vs what’s open for the person to do them self). The system already trusts the person is the account owner. shift liability concern for business to resource owner, parallel to chip cards. win-win outcome, less business liability, risk and cost and more user capability. External financial advisors (outside your bank), currently giving pretty complete access.
sharing lifecycle management, audit (who has access), and revocation (take it back)
other use cases:
ticket sales and sharing, transfer ownership. sharing access to tickets from the purchaser.
airbnb/hotels, shift access to the property (locks), maybe not additional features (hottub, tv subscriptions, internet, themostats - give with some restrictions)
education: grades, reports, transcript sharing. can limit to one org, many edu use cases get into the ‘wide ecosystem’ side around sharing between institutions
open social media, consolidate access across platforms, control who can view/comment your information
employment searching, indeed/headhunting/linkedin, sharing limited data, more as interview process expands.
find the best autoinsurance provider, want to share data and then pull it back. revocable consent, technically very difficult to remove information, RO can make intentions clear to an organization
how to combat the ‘only for wide ecosystem’ thoughts, UMA allows for this and is applicable to a smaller scale. it is oauth, same proven security, open to support delegation/sharing as first class concept.
much more technical value: language to describe resources and scope, leads to easier composability and data minimization
Next steps:
‘UMA by example’, individual stories with increasing complexity. Should we start this as a presentation first → document → video
Audience, general business people, not technical community
Call for good examples you’ve seen, successful deployments
FAPI Part 1 Review and Discussion
...