UMA telecon 2023-02-17

UMA telecon 2023-02-17

Date and Time

Agenda

Attendees

  • NOTE: As of Sept 15, 2022, quorum is 4 of 6. (Peter, Sal, Alec, Eve, Steve, Sophia)

  • Voting:

  • Non-voting participants:

    • Alec

    • Steve

    • Sal

  • Regrets:

    • Hanfei

Quorum: No

 

Meeting Minutes

Approve previous meeting minutes

Topics

 

UMA slides for Kantara presentation at upcoming conferences

15-30mins presentation

2022 EIC https://docs.google.com/presentation/d/1bbUknYbtkSV4Lr1a8xSJ4xp1ZlbICnB1cE4145UNOAc/edit#slide=id.g1274d1b5031_0_7

2021 EIC https://docs.google.com/presentation/d/1GdvHFYEPVpWT55nXZtkShCZ8RQC696KJ5oghlHJrnuU/edit#slide=id.gea29b11378_0_12

IIW UMA 101: https://drive.google.com/file/d/1LIIqCisoJZxvaH_KzC6hcfQmnJCmKxBH/view?usp=sharing

 

What would we include in a 3-5 mins presentation (e.g. in a larger Kantara workshop)

  • what is UMA, the problem being addressed

  • UMA Spec + implementors

  • recent and current work (Julie Use-case + Pension Dashboard Use-case Reports)

  • Point to group + resources



Pensions Dashboard / Open Banking Use-case report, initial discussion

Draft will be worked on here: Pension Dashboard Use-Case Report

Hanfei has added some bullets to the report,

 

IDPro knowledge base / general UMA articles

We editing the current wikipedia article here: Wikipedia Article Refresh

AOB

 

Wiki cleanup; add links to slides from UMA presentations (see section above) – Intro to UMA

 

Julie Use-case – send to Kantara staff to publish on main site Reports & Recommendations

 

Potential Future Work Items / Meeting Topics

 

Tentative 2023 roadmap:

  • 120 A financial use-case report (following the Julie healthcare template)

    • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

    • 123 Pensions Dasboard Report → use-case is well understood and live/going live soon. tight use-case

    • 127 Open Banking Report → requires more research, determine use case

      • Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?

  • 130 IDPro knowledge base articles

  • 140 Wikipedia article refresh: User-Managed Access

  • UMA simple value explainers, business and technical ‘marketing’

 

Full list:

  • 20 Confluence clean up, archive old items and promote the latest & greatest

    • 10 UMA glossary – Steve has started 

  • 100 FAPI Review (FAPI + UMA) 

    • scope: how the FAPI work could be applied to UMA ecosystems

    • review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI

  • 120 A financial use-case report (following the Julie healthcare template)

    • openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)

    • 123 Pensions Dasboard Report → use-case is well understood and live/going live soon. tight use-case

    • 127 Open Banking Report → requires more research, determine use case

      • Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?

  • 130 IDPro knowledge base articles

  • 140 Wikipedia article refresh

  • 150 Minor profiling work,

    • resource scopes → scopes 

    • PAR as dynamic scopes eg fhir query params

    • policy manager & policy description

    • 110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL

      • use-case, consent as claims (needs_info),

        • if the client has gathered RqP consent, can it be presented to the AS

        • the policy to access a resource says "you must have agreed to this TOS/consent"

        • compare to interactive claims gathering where the AS would present this consent/TOS to the RqP

        • intersection with ANCR/consent receipt/trust registry work in other Kantara groups

  • 170 UMA + Verifiable Credentials

    • how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA

    • There are openapi specs for VC formats

    • Could UMA protect a VC presentation or issuance endpoint?

    • There's a lot of openid4vc profiles 

  • 300 mDL + UMA

    • scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMA 

    • is there a role for UMA in token fabrication and referencing it as the RS?

  • 600 Review of the email-poc correlated authorization specification

  • 500 UMA + GNAP https://oauth.xyz/specs/ 

    • would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP) 

    • will GNAP meet all the UMA outcomes?

  • UMA 2 playground/sandbox

Upcoming Conferences

  • Â