UMA telecon 2021-08-12

Date and Time

Alternate-week Thursdays 10:00am PT
- Screenshare and dial-in: https://global.gotomeeting.com/join/485071053
- United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

Approve minutes of UMA telecon 2021-06-10, UMA telecon 2021-06-17, UMA telecon 2021-06-24, UMA telecon 2021-07-01, UMA telecon 2021-07-08, UMA telecon 2021-07-15, UMA telecon 2021-07-22, UMA telecon 2021-07-29, UMA telecon 2021-08-05
European Identity and Cloud Conference 2021
Relationship Manager - user stories
AOB

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Approve minutes of UMA telecon 2021-06-10, UMA telecon 2021-06-17, UMA telecon 2021-06-24, UMA telecon 2021-07-01, UMA telecon 2021-07-08, UMA telecon 2021-07-15, UMA telecon 2021-07-22, UMA telecon 2021-07-29, UMA telecon 2021-08-05

Deferred

European Identity and Cloud Conference 2021

Sept 13. Will anyone be attending in person?

UMA will have a 15 min presentation slot during a wider Kantara workshop, let me know if you want to participate!

Alec will present virtually and repurpose some existing "what is UMA" material and supplement with some what we're doing now. I'll try to share the presenation to the list ahead of time

Relationship Manager - user stories

A good resource to investigate re URLs and how they're abstracted from users is Google's Zanzibar: https://www.youtube.com/watch?v=mstZT431AeQ, https://research.google/pubs/pub48190/

How to address the usability of fine-grained access control? There's a lot of performance questions (eg the need to registry 1000s of URLs) which are separate from the usability. One example are images/diagnostic images, want ability to share just one, or a related collection all together

As a Client, I want to be able to declare types I understand, in order to successfully use complex APIs
As an RS, I want to defer permission ticket creation, in order to a) not have to understand the Client b) not make authZ decisions (tell me don’t make me think)
As an ASO, I want to pre-register Clients, in order to assess their appropriateness, capability and complete non-technical activities
As a Client, I want to pre-register with ASs, in order to a) test my UX and technical integrations b) declare my capabilities

Any Other Business

still would like to work towards a minimal interop profiles or efforts this year

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

Steve
Alec
Domenico

Non-voting participants:

Regrets:

Browser not supported