UMA telecon 2021-09-23

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
  • Screenshare and dial-in: https://global.gotomeeting.com/join/485071053

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Topic Candidates (from previous week's telcon)

• Outcome of user stories discussion

• PDP architecture includes the concept

• TOIP/SSI are starting to define this ecosystem function

• ANCR records update

• Privacy as Expected. 

• Ontario's Digital Identity Program

Agenda

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16
• Privacy as Expected
• Delegation
• Ontario's Digital Identity Program
• AOB

Minutes

Roll call

• Quorum: no

Approve minutes

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16
  • Deferred

Privacy as Expected

• Site: privacy-as-expected.org
• From above page: PaE:CG [Privacy as Expected: Consent Gateway] is a project funded under NGI TRUST from OCT-2020 to JUN-2021 that will provide an end-to-end, user-centric, comprehensive, open source solution to managing Consent for Personal Data. The key deliverables are open software, a public demonstrator, real-world trials, and publications.

Eve: 

• Me2B is coming out
• Perhaps have an expert join us one week
• https://me2ba.org
• Nancy: seems like there is a lot of redundancy in terms of orgs doing similar things
• NGI Trust: NGI == Next Generation Internet
• Respectful Tech : Spec in final review under me2b org as a WG

Delegation:

Nancy:

• Has anyone done an implementation of UMA on delegation
• https://patientcentricsolutions.com/resources

Peter: Is Alec Laws working on this?

Steve: Analysis of Okta OSS implementations: "Delegate" and "Managed Access"

Eve/Nancy: UMA Legal and business Business-legal Framework and Use Cases

• Trying to separate resource rights administrator from data subject

Nancy: PP2pi (Protecting Privacy to Promote Interoperability Workgroup)

• www.drummondgroup.com/pp2pi
• Soliciting participation in these WG's
• Use cases span medical data with other services – ex; Disabled person looking for a job

Need an analysis of the PP2pi use cases

• this is a layer above UMA. Example:: graph for policy

Ref Sovrin whitepaper: https://sovrin.org/wp-content/uploads/Guardianship-Whitepaper2.pdf

• Eve: Can we make a forcing function out of this: e.g., a report that analyses these use cases w.r.t. UMA
• Mostly useful for scraping terminology
• Finish by end of November?

Delegation: lots of nuance : see UMA Legal role slides

Eve: World of RUFADAA: Revised Uniform Fiduciary Access to Digital Access Act

• https://www.nolo.com/legal-encyclopedia/ufadaa.html
• Most of the states have adopted this, but not exactly
• Again, how do we relate this to UMA
• Steve: Reference: https://www.uniformlaws.org/committees/community-home?CommunityKey=f7237fc4-74c2-4728-81c6-b39a91ecdf22

Sal: that is what we are working on in ANCR and the associated record that is created when RO starts discovery on first contact

Eve; We should use these secondary sources as we develop glossary, as well as how the use cases align (or don't) to UMA use cases.

• Also a concordance of use cases

Ontario's Digital Identity Program

Link to document:  https://www.ontario.ca/page/consultation-policy-framework-ontarios-digital-identity-program

• Alec (previous week's notes): Feel free to submit comments to Ontario about the DI strategy
• We did a shallow review of doc, but we should figure out if any of it is relevant to UMA?
• Sal: put big comment around consent receipts; 

Eve: proposing topic on defining "delegation" and associate 

AOB

11:27 AM

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

1. Peter
2. Eve
3. Sal
4. Steve

Non-voting participants:

1. Scott
2. Nancy

Regrets:

1. Alec