UMA telecon 2021-06-03

UMA telecon 2021-06-03

Date and Time

Agenda

Minutes

Roll call

Quorum was reached.

Approve minutes

Deferred 



Charter Review/Refresh

Please review the  Draft Charter 2021, changes have been highlighted in red.


(5)

  • A horizontal UMA security profile, considering other profiles including HEART, FAPI, and OAuth 2.1


Changes to Group Leadership

  • we need to renew our annual voting roles, Chair and Vice-Chair
  • Next quorum we'll need to discuss and ideally vote on this topic
  • Feel free to send nominations to the list so we're prepared at our next quorum. Alec will send a separate note to the list to raise this request
  • If you have a voting membership, please let Alec know if you can/can't attend next week


Relationship Manager 

The last session was recorded, check it out so these will make sense

Discussed the merits of having a credential (public key) registered at the RS for a Resource Owner, and the different use-cases it starts to enable, both for UMA and getting into VC/SSI.

  • RO can sign policy it writes to the AS. THe RS can have less trust in the AS since it's really trusting the RO
    • Today the RS trusts the AS as the RO. With the credential, the RS can trust any AS
    • Give the RO some more fiduciary capability aside from systme-sytem (RS-AS) trust. This is part of Decentralized ID value prop 
    • RO can delegate directly to other RqPs
    • Can this help the RS, not have to trust the RO as much? ANCR established the RO establish terms with any other system
    • Binding is the most critical bit of the trust flow. CIBA also solves for this, in a way that a RqP
      • UMA helps Alice ensure, that Bob is who he says, such that her policy can be applied to his request for Access
      • CIBA helps Bob ensure Alice is who she is. Currently we don't strongly bind Alice to the AS
    • Can we bind Alice to the AS, in a way the requesting party can confirm who she is?
    • ANCR wants to capture all this trusted state so that all parties can have this transparency, including getting Witnesses just in time. (parallels to a KERI witnesses, there is cryptogrpahic binding + attestation over an identifier)
      • ie UMA pushed claims, where the AS can 'ask for more' from a trusted thirdy party (the Witness)
  • RS can issue to Alice, VCs. Either resource's as a VC, or actually data-containing VCs. Alice is then free to delegate and use from there. (The ssi credential exchange api)

RS <strong trust> RO <> AS 
RS <> AS <> RqP <> RPT{Alice's proof} <> RS


Alec will update the last RM Draft to:

  • Add back the credential, drop Authorization Servers API from it. 
    • We're shifting the trust from the Fedz Auth api to the RO through their credential. 


AOB

  • will be looking to setup an ANCR presentation to the Group is around a month. Sal will let us know when he's ready


Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Michael
  2. Steve
  3. Eve
  4. Alec
  5. Sal
  6. Domenico

Non-voting participants:

  1. Scott
  2. Colin

Regrets: