UMA telecon 2022-06-30

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT

  • Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Approve minutes since UMA telecon 2022-03-31

• Charter Refresh

• Home Page Refresh

• AOB

Attendees

• NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

• Voting:

  • Steve

  • Alec

  • Eve

  • Peter

  • Sal

• Non-voting participants:

  • Lenore

  • Scott

  • Chris

• Regrets:

Quorum: Yes

Meeting Minutes

Approve previous meeting minutes

• Approve minutes of UMA telecon 2022-03-31, UMA telecon 2022-04-06, UMA telecon 2022-04-14, UMA telecon 2022-04-21, UMA telecon 2022-05-05, UMA telecon 2022-05-12, UMA telecon 2022-05-19, UMA telecon 2022-05-26, UMA telecon 2022-06-02, UMA telecon 2022-06-16

• Quorum

• Eve moves to approve, Peter seconds! motion passed

Topics

Identiverse Recap

Industry self-reflection

• is identity a dual use technology? seems to be true of anything, needs to stay mindful always

• Identity as a surveillance tool

  • Shifting of the surveillance to the wallet

passkeys

• aka WebAuthn aka FIDO

• would this work on linux or open source OS? 

mDL

GAIN (global assured identity network)

• https://gainforum.org/ and whitepaper: https://gainforum.org/GAINWhitePaper.pdf

• starting a poc effort at openid: https://openid.net/gainpoc/ 

• lead to a new effort 'open wallet foundation', open source wallet

GNAP

• general audience struggles with: correlation handles, claims pushing

• the added value needs to overcomes the pain of change 

• options make specs hard to understand (and test!)

• can we show simple uma flows, uma cookbook?

  • eg just auth code flow (no claims pushing), just claims pushing (no auth code) as profiles

  • or profiles that remove optionality of path names, make interop testing easier

  • good designs for resource registration against FHIR (or open banking/FPX)

Shared Signals & Events

• https://openid.net/wg/sse/, https://datatracker.ietf.org/group/secevent/about/ 

• "what happens when identity people develop webhooks"

• SSE is main protocol, CAEP defines events to be sent

IDPro

• getting a lot of traction

• should we try to create an UMA knowledge base articles? YES 

Healthcare

• not a ton of content

• new HEART whitepaper "The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data" 

Home Page Refresh

Draft New Home Page

Charter Refresh

Draft Charter 2022

draft completed, will socialize on the list for feedback

AOB

• US is working on federal privacy legislation! A rights/responsibilities framework without requirements

Potential Future Work Items / Meeting Topics

• Confluence clean up, archive old items and promote the latest & greatest

• Review of the email-poc correlated authorization specification

• A financial use-case report (following the Julie healthcare template)

  • either open banking or pensions dashboard

  • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

• mDL + UMA

• UMA + GNAP https://oauth.xyz/specs/ 

  • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 

  • will GNAP meet all the UMA outcomes?

• IDPro knowledge base articles

• UMA 2 playground/sandbox

  • eg https://developers.google.com/oauthplayground/, https://www.oauth.com/playground/

Upcoming Conferences

• IIW 35,  November 15 - 17

• Gartner and Federal ID coming up soon