UMA telecon 2021-04-15

Date and Time

Agenda

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Deferred

Pensions Dashboard

All the agreements/etc are signed!

Kantara webpage with profile going up shortly, under 'Resources'. 

https://www.pensionsdashboardsprogramme.org.uk/2021/04/13/digital-architecture-invitation-to-tender-issued-13-april-2021/

https://www.professionalpensions.com/news/4029778/pensions-dashboard-programme-begins-hunt-digital-architecture-suppliers


Reminder, IIW is next week (Apr 20-22)

George/Eve to take up the UMA 101 presentation

Identos at demo hour with the ON Health Identity use-case


Identiverse June 21-23, may have a Kantara community session

EIC mid-Sept, Kantara has 2.5-4 hours 


Profiles Discussion, relationship manager draft


Last time we spoke about how the RO can get the URLs to protected resources at the RS. In the initial design of UMA this is out of scope, as the RO was able to get the URL through the browser (e.g. to share a web-hosted PDF or Google Doc).

However, some new use cases don't have this mechanism, and have to build other means for Alice (the RO) to get the resource URIs to share with Bob.

  1. When registering the resource, should/can the RS tell the AS "this is my reference/URL/identifier for that resource"?
    1. Downside: both sides end up managing both IDs.
    2. Make it optional on the resource description; a profile can choose to make it mandatory.
    3. Use case: in the context of the relationship manager, the RO (through the RM) is talking to the RS before the resource may be registered.
    4. Use case: pension identifier, communicated directly from the RS to the dashboard.
    5. Use case: AS-first flows, where the AS would need a way to tell the Client where the granted resource is.


If the URI is registered, does the AS return it to the RS on introspection?

Does this relate to the resource_indicators spec, where the client could go directly to the AS with the URI without needing to get a ticket from a failed request at the RS?


George sent me to this AS to get authorization, but I need to know where to go to access it. Today UMA works where Alice knows the address of my immunization record, and can share that link with Bob to access.

Is Alice telling the HCP, "you can get this one piece of information", or "you can access everything that I've granted you access to"? Another possible way: Alice opens her health app and the provider 'scans a QR' with the URL. Trying to find ways for Alice to have to understand less about the specific resource/fine-grained authorization capabilities of UMA. There are multiple aspects to what Alice does/needs to understand to participate in a wide ecosystem.

Note the general danger of making things 'out of scope' in identity management protocols.


We should likely separate the AS-first flows and discovery mechanisms. 


AOB


Attendees

As of October 26, 2020, quorum is 5 of 8. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve)

Voting:

  1. Eve
  2. Alec
  3. Domenico
  4. Michael
  5. Sal

Non-voting participants:

  1. Scott
  2. George
  3. Tim
  4. Colin

Regrets:

  1. Ken
  2. Ian