UMA telecon 2011-11-17

Date and Time

WG telecon on Thursday, 17 Nov 2011, at 9am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214

Agenda

Roll call
Approve minutes of 2011-10-13, 2011-10-20, 2011-10-27, 2011-11-03, and 2011-11-10 meetings
Action item review
- Trust model and implementer user guides/best practices work
- FAQ status
Review 2011Q4 timeline
- No meeting next week: holiday
- Meeting on Dec 1: chair pro tem
- Spec and issue edit status
- I-D contribution status
- Webinar planning
UMA core spec issues
AOB

Attendees

As of 16 Nov 2011, quorum is 7 of 12.

Bryan, Paul
Catalano, Domenico
D'Agostino, Salvatore
Machulak, Maciej
Maler, Eve
Moren, Lukasz
Morrow, Susan
Szpot, Jacek
Wray, Frank

Non-voting participants:

Kevin Cox

Regrets:

Hardjono, Thomas

Minutes

New AI summary

2011-11-17-1	Eve	Open	Set up a trust model subteam ad hoc call in the 10am or 11am PT hour some day, and forward key messages from the existing thread to the UMA WG list.
2011-11-17-2	Eve, Frank	Open	Work with Dervla to book WebEx, arrange for audio lines, and publicize the registration link.

Approve minutes of 2011-10-13, 2011-10-20, 2011-10-27, 2011-11-03, and 2011-11-10 meetings

Minutes of 2011-10-13, 2011-10-20, 2011-10-27, 2011-11-03, and 2011-11-10 meetings APPROVED.

Action item review

2010-11-18-4 Eve Open Capture new user stories in the wiki. Now OBE. It sufficiently conveys the "feel" of what users should experience. We can always supplement it in future, in reaction to requests.
2011-09-22-4 Various Ongoing Build list of FAQs on the wiki. Paul to write a FAQ on "access granularity". Susan to draft a FAQ on "government PDS use cases". Lukasz to write a FAQ on the SMART implementation.
2011-09-29-1 Frank, Sal, Dom, Sus, Kevin et al. Open Prepare Trust Model "user guide".
2011-10-20-1 Eve Open Add Sampo's and others' latest implementation info to the wiki.
2011-10-20-2 Paul Open Define a set of "RESTful CRUD" scopes that can be reusable. Paul is working on this. Paul has chosen JSON exclusively; this may cause controversy.
2011-10-27-1 Thomas Open Implement the result of issue #3, now reopened in case there are questions, and other conclusions from 2011-10-27 and 2011-11-03 telecons. Deferred due to illness.
2011-11-03-1 Paul Open Comment on and close issue #8, comment on and close issue #15 and incorporate spec revision, comment on issue #16 and discuss with Eve, comment on issue #24, and comment on issue #25. Will do this week.

Trust model and implementer user guides/best practices work

A private thread on the trust model topic has blossomed. Susan wrote the most recent entry. She has proposed a document outline that covers qualitative and quantitative aspects of using UMA in a trust-enabled deployment.

We think the audience should be: business owners and deployers of UMA. If we have multiple audiences, we should probably branch out to multiple documents. Or we can provide technical and business examples side by side.

We think the document should cover topics like:

What should a technical UMA profile look like, for various deployment requirements?
What UX constraints might be imposed?
How would you solve the problem of needing LOA on the authentication of various parties?
How would you solve the problem of needing LOP/LOC on the usage of shared data?
Introductory material (see Dom's graphics) that explains UMA's approach to trust in a nutshell.

Kevin's company was approached by a government department looking to write a document about trust. Legislation tends to be general, but the examples are what gets followed. They become the de facto standard. (The same is true for technical specs.) So we should strive to make our examples good-quality.

Review 2011Q4 timeline

Let's target the Dec 8 meeting to approve the next draft to be published as an I-D, so that it comes out prior to the webinar.

Webinar planning

Kevin expresses interest in sponsoring up to 25 additional audio lines at a cost of US$15 each.

Frank has proposed an outline for the webinar, assuming that the audience is made of potential implementers and deployers. Here's an expanded version from today's discussion:

What is UMA and why do we need it? (Eve)
Use cases for UMA (up to five UMAnitarians)
Why would an organization want to operate an authorization manager?
Why would an organization want to operate an UMA-enabled host app?
Existing UMA implementations:
1. Cloud Identity/Newcastle University
2. Synergetics/TAS3
3. Fraunhofer AISEC

Shall we change up speakers for each item? Yes, we should try.

UMA core spec issues

We're behind on editing, but we'll catch up shortly. Paul and Eve will work together to close issues.

Next Meetings

NO WG telecon on Thursday, 24 Nov 2011 – U.S. Thanksgiving holiday
WG telecon on Thursday, 1 Dec 2011, at 9am PT (time chart) – Eve regrets; vice-chair Maciej is chair pro tem
WG telecon on Thursday, 8 Dec 2011, at 9am PT (time chart) – Last telecon before webinar! Approve new I-D rev
Webinar on Wednesday, 14 Dec 2011, at 10am PT (time chart) – Webinar!
WG telecon on Thursday, 15 Dec 2011, at 9am PT (time chart)
WG telecon on Thursday, 22 Dec 2011, at 9am PT (time chart)
NO WG telecon on Thursday, 29 Dec 2011 – Happy new year!