UMA telecon 2022-12-01

UMA telecon 2022-12-01

Date and Time

Agenda

  • Approve minutes since UMA telecon 2022-06-30

  • FAPI and UMA next steps. OAuth compatible UMA version

  • Kantara AGM, 7 December 11:00 am – 12:30 pm ET

  • IIW Debrief

  • AOB

Attendees

  • NOTE: As of Sept 15, 2022, quorum is 5 of 8. (Michael, Domenico, Peter, Sal, Thomas, Alec, Eve, Steve)

  • Voting:

    • Alec

    • Steve

  • Non-voting participants:

    • Hanfei

  • Regrets:

    •  

Quorum: No

 

Meeting Minutes

Approve previous meeting minutes

Topics

 

Kantara Annual General Meeting, 7 December 11:00 am – 12:30 pm ET

  • Alec will post the invite to the list with the potential slide

  • Board candidates will be introduced

  • General Kantara progress updates from Kay

 

UMA leadership elections upcoming

  • ideally, this month if we can get a quorum for this

  • Alec is up to continue in the chair role

  • Steve is willing to continue as vice-chair

  • Anyone else interested, please post your nomination to the mailing list!!

 

FAPI and UMA next steps - OAuth compatible UMA version

https://fapi.openid.net/ 

previous discussion here: UMA telecon 2022-10-27

 

IIW

  • somewhat status quo, similar topics as earlier this year

  • OPENID4VC has progressed a lot

    • aligned with a mDL (mobile drivers license) demo

    • SD-JWTs

    • mdl working on not in-person presentation, eg over the internet

  • Machine readable governance/trust registries being standardized in VC groups

    • trust in ecosystem participants

  • singapore presented its government id system, incremental progress over 20 years has led to a very capable system

  • anoncreds separated from HL Aries

 

AOB

  • Julie use case, will publish v0.4 with the latest suggested changes

  • December schedule:

    • planning to cancel the Dec 22 and 29th meeting

 

 

Potential Future Work Items / Meeting Topics

  • 20 Confluence clean up, archive old items and promote the latest & greatest

    • 10 UMA glossary – Steve has started 

  • 100 FAPI Review (FAPI + UMA) 

    • scope: how the FAPI work could be applied to UMA ecosystems

    • review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI

  • 120 A financial use-case report (following the Julie healthcare template)

    • either open banking or pensions dashboard

    • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

    • Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?

  • 170 UMA + Verifiable Credentials

    • how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA

    • There are openapi specs for VC formats

    • Could UMA protect a VC presentation or issuance endpoint?

    • There's a lot of openid4vc profiles 

  • 300 mDL + UMA

    • scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMA 

    • is there a role for UMA in token fabrication and referencing it as the RS?

  • 600 Review of the email-poc correlated authorization specification

  • 500 UMA + GNAP https://oauth.xyz/specs/ 

    • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 

    • will GNAP meet all the UMA outcomes?

  • IDPro knowledge base articles

  • UMA 2 playground/sandbox

  • 150 Minor profiling work,

    • resource scopes → scopes 

    • PAR as dynamic scopes eg fhir query params

    • policy manager & policy description

    • 110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL

      • use-case, consent as claims (needs_info),

        • if the client has gathered RqP consent, can it be presented to the AS

        • the policy to access a resource says "you must have agreed to this TOS/consent"

        • compare to interactive claims gathering where the AS would present this consent/TOS to the RqP

        • intersection with ANCR/consent receipt/trust registry work in other Kantara groups

Upcoming Conferences

  • Â