UMA telecon 2022-08-25
UMA telecon 2022-08-25
Date and Time
Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09
United States: +1 (224) 501-3316, Access Code: 485-071-053
See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar
Agenda
Approve minutes since UMA telecon 2022-06-30
UDAP Spec Reviews/ Next Steps
Determine next work items
AOB
Attendees
NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
Alec
Peter
Steve
Non-voting participants:
Lenore
Nancy
Regrets:
Quorum: No
Meeting Minutes
Approve previous meeting minutes
Approve minutes of UMA telecon 2022-08-11
Deferred - no quorum
Topics
UDAP Spec Reviews
We need to come to their groups to advocate for UMA
HL7 FAST Infrastructure Group: https://confluence.hl7.org/pages/viewpage.action?pageId=134938778 <<< this is the one folks should attend
There is an upcoming connect-a-thon (in person ONLY, registration is open): https://confluence.hl7.org/display/FAST/FAST+-+HL7+FHIR+Connectathon+-+September+2022
One of our questions around UDAP is that it's not an implementation profile, HL7 has created IGs that use UDAP as the base profile here: https://build.fhir.org/ig/HL7/fhir-udap-security-ig/branches/main/user.html
Determine next work items
What do we want to do next? Lots of ideas below, what's most important
Current WIP
Update Julie Report to v0.4 – Nancy to accept suggested changed, reviewed with group ~1month ago
New report with core UMA (no use-case) content from Julie Report → could evolve to IDPro article? – Alec
UMA Glossary – Steve
Confluence Clean Up: activate new links + archive old content + general usability of the wiki – Alec / Steve,
We prioritized the list below, lower numbers = higher priority. Nothing is "final", feel free to comment
one driver is if the item was of interest to many or few member
other consideration is who is motivated to lead the item
AOB
Potential Future Work Items / Meeting Topics
100 FAPI Review (FAPI + UMA)
scope: how the FAPI work could be applied to UMA ecosystems
review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI
20 Confluence clean up, archive old items and promote the latest & greatest
10 UMA glossary – Steve has started
600 Review of the email-poc correlated authorization specification
120 A financial use-case report (following the Julie healthcare template)
either open banking or pensions dashboard
openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?
300 mDL + UMA
scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMA
is there a role for UMA in token fabrication and referencing it as the RS?
500 UMA + GNAP https://oauth.xyz/specs/
would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP)
will GNAP meet all the UMA outcomes?
170 UMA + Verifiable Credentials
how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA
There are openapi specs for VC formats
Could UMA protect a VC presentation or issuance endpoint?
There's a lot of openid4vc profiles
IDPro knowledge base articles
UMA 2 playground/sandbox
150 Minor profiling work,
resource scopes → scopes
PAR as dynamic scopes eg fhir query params
110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL
use-case, consent as claims (needs_info),
if the client has gathered RqP consent, can it be presented to the AS
the policy to access a resource says "you must have agreed to this TOS/consent"
compare to interactive claims gathering where the AS would present this consent/TOS to the RqP
intersection with ANCR/consent receipt/trust registry work in other Kantara groups
Upcoming Conferences
IIW 35, November 15 - 17
FedID 2022 • September 6-9, 2022 • Atlanta, GA .