UMA telecon 2022-06-16
UMA telecon 2022-06-16
Date and Time
- Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
- Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09
United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantarainitiative.org/confluence/display/uma/Calendar
Agenda
- Approve minutes since UMA telecon 2022-03-31
- Charter Refresh
- Home Page Refresh
- UMA/UDAP/etc comparison - Let's add a row for GNAP/mDL
- AOB
Attendees
- NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
- Voting:
- Peter
- Alec
- Non-voting participants:
- Scott
- Regrets:
Quorum: No
Meeting Minutes
Approve previous meeting minutes
- Approve minutes of UMA telecon 2022-03-31, UMA telecon 2022-04-06, UMA telecon 2022-04-14, UMA telecon 2022-04-21, UMA telecon 2022-05-05, UMA telecon 2022-05-12, UMA telecon 2022-05-19, UMA telecon 2022-05-26, UMA telecon 2022-06-02
- Deferred–no quorum
Topics
Home Page Refresh
Charter Refresh
UMA 1 (2012?) now at UMA 2 (2018), what's the roadmap from today?
- biggest 1→2 change was to be more 'oauth-y' and to remove confusing concepts
- does anyone use the PCT... or make can we make options more explicitly optional?
- can UMA be even more OAuth compatible? one UMA challenge is that clients can't just take existing libraries
- OIDC writes profiles of OAuth, we're not fully bw-compatible
- do we have some bets as to when GNAP will start to supercede OAuth, should we create the UMAonGNAP version?
- clarify who hosts the AS, and why? with OAuth it's clear that an RS needs an Oauth AS associated/co-located with it
- how can we make the UMA value more clear (earlier in someones understanding), the RO is in control
- it takes a long time to get people to understand or have their 'a-ha' moment as to why UMA is the right solution
- how can we enable UMA implementors to more easily get here with customers?
- the marketing part of why it exists, why you need it
- Need to move away from technical and into a more 'marketing' or evangelism mode
- control of access to user, lots of industry shift here (patient-centric, open banking, verifiable creds
- Could we have an open survey
- Do you know what UMA is?
- Why don't you use UMA?
Marketing & non-technical explanation of value, OAuth backwards compatibility, Survey
We're AT the UMA 'early adopters' point, how can we transition to wide usage?
Potential Future Work Items / Meeting Topics
- Confluence clean up, archive old items and promote the latest & greatest
- Review of the email-poc correlated authorization specification
- A financial use-case report (following the Julie healthcare template)
- either open banking or pensions dashboard
- openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
- mDL + UMA
- UMA + GNAP https://oauth.xyz/specs/
- would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP)
- will GNAP meet all the UMA outcomes?
Upcoming Conferences
- https://identiverse.com/ June 21-24, 2022 Denver, Colorado.
- https://www.identitynorth.ca/events/annual2022/ Identity North June 14-15, Toronto, Ontario
- https://www.rsaconference.com/usa RSA Conference, Moscone Center & Digital | Jun. 6 - 9, 2022