UMA telecon 2021-02-04

Date and Time

• Primary-week Thursdays 6:30am PT
  • Screenshare and dial-in: https://global.gotomeeting.com/join/485071053

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Approve minutes of UMA telecon 2021-01-21, UMA telecon 2021-01-28
• Announcing, ANCR WG
• UMA and FAPI discussion
• Pensions Dashboard update
• Other profiles next steps
• AOB

Minutes

Roll call

Quorum was reached.

Approve minutes

• Approve minutes of UMA telecon 2021-01-21, UMA telecon 2021-01-28

Andi Moves to Approve, APPROVED

Announcing, ANCR WG

As shared on the UMA mailing list, a new WG has recently started: Advanced Notice & Consent Receipt - ANCR-WG

Goal, update consent receipt 1.1, update the fields captured around a specific consent receipt "the anchor receipt"

Meets Wednesday 1030ET

UMA and FAPI discussion con't

FAPI as a profile can notionally be supported by an UMA AS. How can we demonstrate that UMA/FAPI work nicely together? WIth a goal of getting some mutual recognition from FAPI(?)

In UK there is a push for strong consent+authorization+privacy, can UMA fill that need left by base security profiles? The federation and delegation cases seem to be realized as an afterthought in these solutions. 

HEART started profiling UMA for the Healthcare use case, maybe this is a starting point for a UMA/FAPI security profile. 

Another angle is that FAPI is a security profile for open banking use-case. Can UMA show it's value better in the use-case vs simply accepting security profiles. OpenBanking is defining the "implementation profile"/ wider ecosystem roles and interactions (eg specific client types like payment initiation service providers(sp?))

How can we take this further to include the Consent Receipt? The consent receipt today was designed to be the minimal international information needed for a real meaningful consent. 

Can a consent receipt be a 'grant'? Person gives their 'grant'(s) at the AS, captured as a consent receipt, before the AS issues the technical grant(uma ticket) to a client. Tickets and token could refer to the specific receipt (ie as a uri). Human gives consent grant, which through law corresponds to outcomes/preferences as interpreted by an AS.

https://kantarainitiative.org/confluence/download/attachments/129565039/privmas08_BRUE.mp4?version=1&modificationDate=1590848036678&api=v2 

Pensions Dashboard update (if needed)

No major update. Let's setup a topic around the group IPR separate from the Pensions Dashboard topic

Other profiles next steps

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Karim, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve)

Voting:

1. Michael
2. Andi
3. Domenico
4. Alec
5. Sal

Non-voting participants:

1. Ian
2. George
3. Mark 
4. Colin
5. Nancy