UMA telecon 2022-06-30

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
  • Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Approve minutes since UMA telecon 2022-03-31
• Charter Refresh
• Home Page Refresh
• AOB

Attendees

• NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
• Voting:
  • Steve
  • Alec
  • Eve
  • Peter
  • Sal
• Non-voting participants:
  • Lenore
  • Scott
  • Chris
• Regrets:

Quorum: Yes

Meeting Minutes

Approve previous meeting minutes

• Approve minutes of UMA telecon 2022-03-31, UMA telecon 2022-04-06, UMA telecon 2022-04-14, UMA telecon 2022-04-21, UMA telecon 2022-05-05, UMA telecon 2022-05-12, UMA telecon 2022-05-19, UMA telecon 2022-05-26, UMA telecon 2022-06-02, UMA telecon 2022-06-16

• Quorum
• Eve moves to approve, Peter seconds! motion passed

Topics

Identiverse Recap

Industry self-reflection

• is identity a dual use technology? seems to be true of anything, needs to stay mindful always
• Identity as a surveillance tool
  • Shifting of the surveillance to the wallet

passkeys

• aka WebAuthn aka FIDO
• would this work on linux or open source OS? 

mDL

GAIN (global assured identity network)

• https://gainforum.org/ and whitepaper: https://gainforum.org/GAINWhitePaper.pdf
• starting a poc effort at openid: https://openid.net/gainpoc/ 
• lead to a new effort 'open wallet foundation', open source wallet

GNAP

• general audience struggles with: correlation handles, claims pushing
• the added value needs to overcomes the pain of change 
• options make specs hard to understand (and test!)
• can we show simple uma flows, uma cookbook?
  • eg just auth code flow (no claims pushing), just claims pushing (no auth code) as profiles
  • or profiles that remove optionality of path names, make interop testing easier
  • good designs for resource registration against FHIR (or open banking/FPX)

Shared Signals & Events

• https://openid.net/wg/sse/, https://datatracker.ietf.org/group/secevent/about/ 
• "what happens when identity people develop webhooks"
• SSE is main protocol, CAEP defines events to be sent

IDPro

• getting a lot of traction
• should we try to create an UMA knowledge base articles? YES 

Healthcare

• not a ton of content
• new HEART whitepaper "The Global Open Health Movement: Empowering People and Saving Lives by Unlocking Data" 

Home Page Refresh

Draft New Home Page

Charter Refresh

Draft Charter 2022

draft completed, will socialize on the list for feedback

AOB

• US is working on federal privacy legislation! A rights/responsibilities framework without requirements

Potential Future Work Items / Meeting Topics

• Confluence clean up, archive old items and promote the latest & greatest
• Review of the email-poc correlated authorization specification
• A financial use-case report (following the Julie healthcare template)
  • either open banking or pensions dashboard
  • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
• mDL + UMA
• UMA + GNAP https://oauth.xyz/specs/ 
  • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 
  • will GNAP meet all the UMA outcomes?
• IDPro knowledge base articles
• UMA 2 playground/sandbox
  • eg https://developers.google.com/oauthplayground/, https://www.oauth.com/playground/

Upcoming Conferences

• IIW 35,  November 15 - 17
• Gartner and Federal ID coming up soon