UMA telecon 2017-03-29
Date and Time
- Special meeting time Wednesday, 8-9am PT (may need to end early so please be prompt)
- Screenshare AND dial-in: http://join.me/findthomas
- UMA calendar: http://kantarainitiative.org/confluence/display/uma/Calendar
Agenda
Roll call
Approve minutes of UMA telecon 2017-03-09
- Logistics: Okay to schedule a couple of meetings during the week of Apr 10 because we can't hold meetings the week of Apr 3?
- UMA V2.0 work:
- 2016 roadmap / GitHub issues for V2.0 (all issues to be kept here for the duration!) / dynamic swimlane
- Core is up to 20 and RReg is up to 06 (WG drafts; no change)
- See new issues: With our limited time, let's focus on #296: Out-of-the-box profiling for tight AS-RS coupling
- AOB
Minutes
Roll call
Quorum was not reached.
Approve minutes
Approve minutes of UMA telecon 2017-03-02: Deferred.
UMA V2.0 work
Andrew's insight about #296 was that this "profile" was essentially "OAuth". :-) In other words, that's the typical way people use OAuth grants. So would having an inner and outer spec help? The inner would be just the UMA grant, or maybe the grant++: adding the set math, say, and whatever other logic is needed given that this grant includes a requesting party and so on. But it doesn't seem to need the addition of the resource ID concept, for example, because that's "private" between the AS and RS. The outer would include all the protection API elements.
Ishan notes Ping (now ) has struggled with finding the fit with the whole UMA proposition, so putting RS constraints on what the RO can share would help. Eve notes that, AS-RS tight or loose, the RS's dedicated client (in the realm of enterprise authorization rules -- whether that uses UMA or no) would be able to apply constraints before Alice can "share" some resource. Would consent receipts be the right place to capture Alice's intent in sharing a particular resource, e.g. payment amount, with Bob?
Ishan also mentions impacts of/on token binding. We discussed that last week as part of the PoP issue. Definitely worth the full analysis.
Attendees
As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)
- Eve
Non-voting participants:
- Ishan
- John W
Regrets:
- Sal
- Justin