UMA telecon 2021-09-02
Date and Time
- Primary-week Thursdays 6:30am PT
- Screenshare and dial-in: https://global.gotomeeting.com/join/485071053
United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar
Agenda
- Approve minutes of UMA telecon 2021-06-10, UMA telecon 2021-06-17, UMA telecon 2021-06-24, UMA telecon 2021-07-01, UMA telecon 2021-07-08, UMA telecon 2021-07-15, UMA telecon 2021-07-22, UMA telecon 2021-07-29, UMA telecon 2021-08-05, UMA telecon 2021-08-12, UMA telecon 2021-08-19, UMA telecon 2021-08-26
- Minimal Interop Profile - UMA Grant
- Relationship Manager - user stories / Discovery
- AOB
Minutes
Roll call
Quorum was NOT reached.
Approve minutes
- Approve minutes of UMA telecon 2021-06-10, UMA telecon 2021-06-17, UMA telecon 2021-06-24, UMA telecon 2021-07-01, UMA telecon 2021-07-08, UMA telecon 2021-07-15, UMA telecon 2021-07-22, UMA telecon 2021-07-29, UMA telecon 2021-08-05, UMA telecon 2021-08-12, UMA telecon 2021-08-19, UMA telecon 2021-08-26
Deferred
European Identity Conference
https://www.kuppingercole.com/sessions/4591/1
UMA content for 15 mins spot: https://docs.google.com/presentation/d/1GdvHFYEPVpWT55nXZtkShCZ8RQC696KJ5oghlHJrnuU/edit#slide=id.g8dc579d6b5_0_528
Practitioners familiar with OAuth are getting pushed to implement UMA-like flows on their OAuth Authorization Server
- OAuth vs UMA: what is well solved by each ← could we add 1 slide on this?
- There was an Identiverse session, Jared Hansen → UMA lite
- Should we create this content in general for the wiki? We will start getting this question from other communities, e.g. SSI
- UMA + DID/VC
Minimal Interop Profile
To look at the UMA Grant side
Goal: make sure that ASs are interoperable, e.g. one AS can be 'swappable' with other ASs. This needs an understanding of the 'extras'/vendor-specific values that degrade that interop. As an RS, the more ASs I can support, the 'wider' the ecosystem I can support
Scope of test
- 1 AS under test
- 1 Mock Client test suite
- 1 Mock IDP for claims pushing
Input to Mock Client Test Suites
- uma2 well-known
- permission tickets ← how are they generated
- claim tokens ← how are they generated
- acceptable claim token
- unacceptable claim token
Need to test the variations of the AS interface; however, this requires vendor-specific configuration
There are way more required initial conditions to be set up at the AS, and the Client is validating that the expected result matches what happens
- Have many registered resources
- set specific policy settings against registered resources
- validate the AS executes the policy(s) correctly
Two Tables
- registered resource, specific policy ( pushing + token formats, interaction)
- permission ticket, expected flow
Test Setup Phase (Done by the AS operator)
- pre-create many resources (static or however)
- set specific policy determined by the test suite against each resource
- generating permission tickets for each test case → input to the Mock UMA Client
Test Cases (Table 2)
- ticket with 1 resource, user interaction, denied
- ticket with 1 resource, user interaction, rpt granted
- ticket with 1 resource, claims pushing, denied
- ticket with 1 resource, claims pushing, rpt granted
- unknown ticket, result is invalid_grant
- claims pushing, 3 required_claims, where any 1 pushed results in an RPT
- claims pushing, 3 required_claims, where all need to be pushed to result in an RPT
- claims pushing, 3 required_claims, where 2/3 need to be pushed to result in an RPT
- claims pushing and gathering, 1 required claim and user interaction results in an RPT
- claims pushing, after pushing claims, then interaction is required,
needs_info, clarify optionals
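
A sketch of how a mock client could encode a few rows of Table 2 and check an AS against them. This is an added example, not the working group's test suite: the function names, outcome labels and sample responses are constructed, the ID Token claim format is an assumed choice, and the grant type, request parameters and error codes are those of the UMA 2.0 Grant specification (where the error is spelled `need_info`).

```python
import json
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
ID_TOKEN_FORMAT = "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"

def token_request(ticket, claim_token=None, fmt=ID_TOKEN_FORMAT):
    """Form body the mock client POSTs to the AS token endpoint."""
    params = {"grant_type": UMA_GRANT, "ticket": ticket}
    if claim_token is not None:  # claims-pushing test cases only
        params["claim_token"] = claim_token
        params["claim_token_format"] = fmt
    return urlencode(params)

def classify(status, body):
    """Map an AS token-endpoint response to an expected-flow label."""
    doc = json.loads(body)
    if status == 200 and "access_token" in doc:
        return "rpt_granted"
    err = doc.get("error")
    if err == "need_info":
        # need_info must carry a new ticket plus required_claims and/or redirect_user
        ok = "ticket" in doc and ("required_claims" in doc or "redirect_user" in doc)
        return "need_info" if ok else "malformed"
    if err in ("request_denied", "invalid_grant"):
        return err
    return "unexpected"

# Constructed sample rows: (test case, expected flow, AS status, AS body)
CASES = [
    ("1 resource, claims pushing, rpt granted", "rpt_granted", 200,
     '{"access_token": "sample-rpt", "token_type": "Bearer"}'),
    ("1 resource, claims pushing, denied", "request_denied", 403,
     '{"error": "request_denied"}'),
    ("unknown ticket", "invalid_grant", 400, '{"error": "invalid_grant"}'),
    ("claims pushed, then interaction required", "need_info", 403,
     '{"error": "need_info", "ticket": "sample-ticket-2",'
     ' "redirect_user": "https://as.example/claims"}'),
]

def run_suite(cases=CASES):
    """Return the names of cases where the AS outcome differs from the table."""
    return [name for name, expected, status, body in cases
            if classify(status, body) != expected]
```
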
Are there existing Kantara interop examples? Not really; there was some interop testing done for Identiverse in 2017(?)
UMA1 Interop Features and Feature Tests
Attendees
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
- Andi
- Alec
- Domenico
- Steve
Non-voting participants:
- George
- Scott
Regrets: