UMA telecon 2022-02-10

Date and Time

Agenda

Minutes

Roll call

  • Quorum: No

Approve minutes

Deferred



Reminder: CRWeb Demo at the next Kantara LC call (Feb 16 @12PM EST)

iGrant.io, Gataca, and Human Colossus will demonstrate how a consent notice, or data agreement as it will be called in the demo, is signed between issuers/verifiers (data controllers) and holders (data subjects). The data agreement sets out a clear usage purpose, what personal data is collected, how long data is retained, which lawful basis applies for processing, and other information. The data agreement was initially based on the Kantara Consent Receipt and is now being standardized within the ISO standard 27560.
https://zoom.us/j/94897867446?pwd=YSsxdjZLMzFmUmhNd2NBMnlwbEZHZz09


Review progress on Julie Use-case Report

Please find the new working document here: Notes, drafts, and WIP 

  • reviewed the action plan
  • agreed on strategy for images


What are alternative techniques for patient-mediated exchange?

  • one challenge is that "UMA is not SMARTonFHIR" → SOF is very limited 


Should there be a companion technical document/guidance that goes with or follows the Julie report? More specificity for those who want to have this problem


https://www.udap.org/

UDAP #1, client attestation → clients have a software statement with attestations from one or more other entities (trusted 3rd party). UMA can use UDAP as a valid client registration strategy.

UDAP #2, tiered authorization → clients provide a hint to the AS about what IDP the end user may be able to authenticate with. The AS can then federate to that IDP, or some other IDP. An UMA AS federating to an IDP is a very 'normal' UMA deployment.


Can/should we create a UDAP & UMA white paper or implementor guidance?




UMA vs Other Specifications

  • there is a chart from a couple of years ago
  • compare protocols & features (e.g. a product-comparison-type matrix with (tick) and (error) marks)


Article: NFTs offer new method to control personal health information 



Potential Future Work Items / Meeting Topics

  • UMA vs (OAuth, OIDC, GNAP, UDAP, ...)
    • compare protocols & features (e.g. a product-comparison-type matrix with (tick) and (error) marks)
  • Confluence clean-up: archive old items and promote the latest & greatest
  • Review of the email-poc correlated authorization specification
  • A financial use-case report (following the Julie healthcare template)
    • either open banking or pensions dashboard
    • open banking is to FHIR (data model) as FAPI is to SMARTonFHIR (authZ protocol profile)


Upcoming Conferences

Alec will be attending HIMSS

Nancy will be at Vive the week before

Are there specific messages we want to promote to those healthcare communities?


AOB



Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Steve
  2. Alec
  3. Eve
  4. Sal

Non-voting participants:

  1. Nancy
  2. Scott F

Regrets: