UMA telecon 2022-06-16

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
  • Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Approve minutes since UMA telecon 2022-03-31
• Charter Refresh
• Home Page Refresh
• UMA/UDAP/etc comparison - Let's add a row for GNAP/mDL
• AOB

Attendees

• NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
• Voting:
  • Peter
  • Alec
• Non-voting participants:
  • Scott
• Regrets:

Quorum: No

Meeting Minutes

Approve previous meeting minutes

• Approve minutes of UMA telecon 2022-03-31, UMA telecon 2022-04-06, UMA telecon 2022-04-14, UMA telecon 2022-04-21, UMA telecon 2022-05-05, UMA telecon 2022-05-12, UMA telecon 2022-05-19, UMA telecon 2022-05-26, UMA telecon 2022-06-02

• Deferred–no quorum

Topics

Home Page Refresh

Draft New Home Page

Charter Refresh

Draft Charter 2022

UMA 1 (2012?) now at UMA 2 (2018), what's the roadmap from today?

• biggest 1→2 change was to be more 'oauth-y' and to remove confusing concepts
• does anyone use the PCT... or make can we make options more explicitly optional?
• can UMA be even more OAuth compatible? one UMA challenge is that clients can't just take existing libraries
  • OIDC writes profiles of OAuth, we're not fully bw-compatible
• do we have some bets as to when GNAP will start to supercede OAuth, should we create the UMAonGNAP version?
• clarify who hosts the AS, and why? with OAuth it's clear that an RS needs an Oauth AS associated/co-located with it
• how can we make the UMA value more clear (earlier in someones understanding), the RO is in control
  • it takes a long time to get people to understand or have their 'a-ha' moment as to why UMA is the right solution
  • how can we enable UMA implementors to more easily get here with customers?
  • the marketing part of why it exists, why you need it
• Need to move away from technical and into a more 'marketing' or evangelism mode
  • control of access to user, lots of industry shift here (patient-centric, open banking, verifiable creds
• Could we have an open survey
  • Do you know what UMA is?
  • Why don't you use UMA?

Marketing & non-technical explanation of value, OAuth backwards compatibility, Survey 

We're AT the UMA 'early adopters' point, how can we transition to wide usage?

Potential Future Work Items / Meeting Topics

• Confluence clean up, archive old items and promote the latest & greatest
• Review of the email-poc correlated authorization specification
• A financial use-case report (following the Julie healthcare template)
  • either open banking or pensions dashboard
  • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
• mDL + UMA
• UMA + GNAP https://oauth.xyz/specs/ 
  • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 
  • will GNAP meet all the UMA outcomes?

Upcoming Conferences

• https://identiverse.com/  June 21-24, 2022 Denver, Colorado. 
• https://www.identitynorth.ca/events/annual2022/ Identity North June 14-15, Toronto, Ontario
• https://www.rsaconference.com/usa RSA Conference, Moscone Center & Digital | Jun. 6 - 9, 2022