Tentative 2023 roadmap:

• 120 A financial use-case report (following the Julie healthcare template)

  • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

  • 123 Pensions Dasboard Report → use-case is well understood and live/going live soon. tight use-case

    • Let’s reach out to some of the involved people eg at Origo or Forgerock. Were there any gaps in UMA they had to work around?

    • https://www.pensionsdashboardsprogramme.org.uk/wp-content/uploads/2022/11/PDP-Technical-standards-Nov-2022.pdf

  • 127 Open Banking Report → requires more research, determine use case

    • Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?

• 130 IDPro knowledge base articles

• 140 Wikipedia article refresh: https://en.wikipedia.org/wiki/User-Managed_Access

• UMA simple value explainers, business and technical ‘marketing’

• 170 UMA + Verifiable Credentials OR UMA and Wallets/User Held Credentials (+ mDL?)

  • how does a wallet fulfill both an RS and AS responsibility for a user? How are available resources and attributes understandable by a wide-ecosystem

  • how does a local/offline wallet act as an RS if it’s offline?

  • how to create true user controlled ecosystem, not a few major wallets…

Full list:

• 20 Confluence clean up, archive old items and promote the latest & greatest

  • 10 UMA glossary – Steve has started 

• 100 FAPI Review (FAPI + UMA) 

  • scope: how the FAPI work could be applied to UMA ecosystems

  • review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI

• 120 A financial use-case report (following the Julie healthcare template)

  • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

  • 123 Pensions Dasboard Report → use-case is well understood and live/going live soon. tight use-case

    • Let’s reach out to some of the involved people eg at Origo or Forgerock. Were there any gaps in UMA they had to work around?

    • https://www.pensionsdashboardsprogramme.org.uk/wp-content/uploads/2022/11/PDP-Technical-standards-Nov-2022.pdf

  • 127 Open Banking Report → requires more research, determine use case

    • Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?

• 130 IDPro knowledge base articles

• 140 Wikipedia article refresh

• 150 Minor profiling work,

  • resource scopes → scopes 

  • PAR as dynamic scopes eg fhir query params

  • policy manager & policy description

  • 110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL

    • use-case, consent as claims (needs_info),

      • if the client has gathered RqP consent, can it be presented to the AS

      • the policy to access a resource says "you must have agreed to this TOS/consent"

      • compare to interactive claims gathering where the AS would present this consent/TOS to the RqP

      • intersection with ANCR/consent receipt/trust registry work in other Kantara groups

• 170 UMA + Verifiable Credentials OR UMA and Wallets/User Held Credentials

  • how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA

  • There are openapi specs for VC formats

  • Could UMA protect a VC presentation or issuance endpoint?

  • There's a lot of openid4vc profiles 

• 300 mDL + UMA

  • scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMA 

  • is there a role for UMA in token fabrication and referencing it as the RS?

• 600 Review of the email-poc correlated authorization specification

  • https://github.com/umalabs/correlated-authorization

  • https://groups.google.com/g/kantara-initiative-uma-wg/c/BntTknCOAAE/m/EzL9i_VIAwAJ

  • https://groups.google.com/g/kantara-initiative-uma-wg/c/ablVJ9cAreg/m/a_ZpCVrcCQAJ

• 500 UMA + GNAP https://oauth.xyz/specs/  

  • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 

  • will GNAP meet all the UMA outcomes?

• UMA 2 playground/sandbox

  • eg https://developers.google.com/oauthplayground/ , https://www.oauth.com/playground/

Upcoming Conferences