UMA telecon 2021-09-23

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT

  • Screenshare and dial-in: https://global.gotomeeting.com/join/485071053

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Topic Candidates (from previous week's telcon)

• Outcome of user stories discussion

• PDP architecture includes the concept

• TOIP/SSI are starting to define this ecosystem function

• ANCR records update

• Privacy as Expected. 

• Ontario's Digital Identity Program

Agenda

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16

• Privacy as Expected

• Delegation

• Ontario's Digital Identity Program

• AOB

Minutes

Roll call

• Quorum: no

Approve minutes

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16

  • Deferred

Privacy as Expected

• Site: privacy-as-expected.org

• From above page: PaE:CG [Privacy as Expected: Consent Gateway] is a project funded under NGI TRUST from OCT-2020 to JUN-2021 that will provide an end-to-end, user-centric, comprehensive, open source solution to managing Consent for Personal Data. The key deliverables are open software, a public demonstrator, real-world trials, and publications.

Eve: 

• Me2B is coming out

• Perhaps have an expert join us one week

• https://me2ba.org

• Nancy: seems like there is a lot of redundancy in terms of orgs doing similar things

• NGI Trust: NGI == Next Generation Internet

• Respectful Tech : Spec in final review under me2b org as a WG

Delegation:

Nancy:

• Has anyone done an implementation of UMA on delegation

• https://patientcentricsolutions.com/resources

Peter: Is @Alec Laws working on this?

Steve: Analysis of Okta OSS implementations: "Delegate" and "Managed Access"

Eve/Nancy: UMA Legal and business Business-legal Framework and Use Cases

• Trying to separate resource rights administrator from data subject

Nancy: PP2pi (Protecting Privacy to Promote Interoperability Workgroup)

• www.drummondgroup.com/pp2pi

• Soliciting participation in these WG's

• Use cases span medical data with other services – ex; Disabled person looking for a job

Need an analysis of the PP2pi use cases

• this is a layer above UMA. Example:: graph for policy

Ref Sovrin whitepaper: https://sovrin.org/wp-content/uploads/Guardianship-Whitepaper2.pdf

• Eve: Can we make a forcing function out of this: e.g., a report that analyses these use cases w.r.t. UMA

• Mostly useful for scraping terminology

• Finish by end of November?

Delegation: lots of nuance : see UMA Legal role slides

Eve: World of RUFADAA: Revised Uniform Fiduciary Access to Digital Access Act

• https://www.nolo.com/legal-encyclopedia/ufadaa.html

• Most of the states have adopted this, but not exactly

• Again, how do we relate this to UMA

• Steve: Reference: https://www.uniformlaws.org/committees/community-home?CommunityKey=f7237fc4-74c2-4728-81c6-b39a91ecdf22

Sal: that is what we are working on in ANCR and the associated record that is created when RO starts discovery on first contact

Eve; We should use these secondary sources as we develop glossary, as well as how the use cases align (or don't) to UMA use cases.

• Also a concordance of use cases

Ontario's Digital Identity Program

Link to document:  https://www.ontario.ca/page/consultation-policy-framework-ontarios-digital-identity-program

• Alec (previous week's notes): Feel free to submit comments to Ontario about the DI strategy

• We did a shallow review of doc, but we should figure out if any of it is relevant to UMA?

• Sal: put big comment around consent receipts; 

Eve: proposing topic on defining "delegation" and associate 

AOB

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

1. Peter

2. Eve

3. Sal

4. Steve

Non-voting participants:

1. Scott

2. Nancy

Regrets:

1. Alec