UMA telecon 2022-11-24
UMA telecon 2022-11-24
Date and Time
Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
Screenshare and dial-in:Â https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09
United States: +1 346 248 7799, Access Code: 994 8781 4311
See UMA calendar for additional details:Â https://kantara.atlassian.net/wiki/spaces/uma/pages/4857518/Calendar
Agenda
Approve minutes since UMA telecon 2022-06-30
FAPI and UMA next steps. OAuth compatible UMA version
Kantara AGM, 7 December 11:00 am – 12:30 pm ET
IIW Debrief
AOB
Attendees
NOTE: As of October 26, 2020, quorum is 5 of 8. (Michael, Domenico, Peter, Sal, Thomas, Alec, Eve, Steve)
Voting:
Â
Non-voting participants:
Regrets:
Â
Quorum: No
Meeting Minutes
Approve previous meeting minutes
Approve minutes of UMA telecon 2022-08-11, UMA telecon 2022-08-25, UMA telecon 2022-09-08 , UMA telecon 2022-09-15 , UMA telecon 2022-09-22 , UMA telecon 2022-09-29 , UMA telecon 2022-10-06 , UMA telecon 2022-10-13 , UMA telecon 2022-10-20 , UMA telecon 2022-10-27 , UMA telecon 2022-11-03 , UMA telecon 2022-11-10
Deferred - no quorum
Topics
Â
FAPI and UMA next steps - OAuth compatible UMA version
AOB
Â
Â
Potential Future Work Items / Meeting Topics
20 Confluence clean up, archive old items and promote the latest & greatest
10 UMA glossary – Steve has startedÂ
100 FAPI Review (FAPI + UMA)Â
scope: how the FAPI work could be applied to UMA ecosystems
review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI
120 A financial use-case report (following the Julie healthcare template)
either open banking or pensions dashboard
openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?
170 UMA + Verifiable Credentials
how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA
There are openapi specs for VC formats
Could UMA protect a VC presentation or issuance endpoint?
There's a lot of openid4vc profilesÂ
300 mDL + UMA
scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMAÂ
is there a role for UMA in token fabrication and referencing it as the RS?
600 Review of the email-poc correlated authorization specification
500 UMA + GNAP https://oauth.xyz/specs/Â
would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP)Â
will GNAP meet all the UMA outcomes?
IDPro knowledge base articles
UMA 2 playground/sandbox
150 Minor profiling work,
resource scopes → scopesÂ
PAR as dynamic scopes eg fhir query params
policy manager & policy description
110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL
use-case, consent as claims (needs_info),
if the client has gathered RqP consent, can it be presented to the AS
the policy to access a resource says "you must have agreed to this TOS/consent"
compare to interactive claims gathering where the AS would present this consent/TOS to the RqP
intersection with ANCR/consent receipt/trust registry work in other Kantara groups
Upcoming Conferences
Â