UMA telecon 2018-06-14
Date and Time
- Thursdays 9am PT
- Screenshare and dial-in: https://global.gotomeeting.com/join/857787301
- See UMA calendar for additional details: http://kantara.atlassian.net/wiki/display/uma/Calendar
Agenda
- Roll call
- Approve minutes: Approve minutes of UMA telecon 2018-06-07
- Upcoming meeting planning
- Meet Jun 28 right after Identiverse?
- No meeting July 5
- Should we reduce the meeting schedule over July/August?
- Who might attend a Kantara plenary on Fri Oct 26 (just after IIW)? Potential cross-group agenda items (e.g. IRMWG, CISWG, CMWG...)?
- Decoupled flow if new data
- Enterprise use cases/Gluu Gateway
- AOB
Minutes
Roll call
Quorum was reached.
Approve minutes
Approve minutes of UMA telecon 2018-06-07: APPROVED by unanimous consent.
Michigan Health Information Exchange
The Michigan HIE had a connectathon with a use case that was very UMA-like. A patient who has just reached the age of 18 is able to share info with another app or whoever she wants, using her right of access. The use case involves using filters and labels so that HPV information doesn't reach her parents. It's a healthcare + education use case.
Upcoming meeting planning
- Meet Jun 28 right after Identiverse?
- No meeting July 5
- Should we reduce the meeting schedule over July/August?
- Who might attend a Kantara plenary on Fri Oct 26 (just after IIW)? Potential cross-group agenda items (e.g. IRMWG, CISWG, CMWG...)?
No meeting Jun 28, no meeting Jul 5, chop out some meetings in Jul and Aug.
Who might be available for a Kantara plenary? Chris Blanton from Gluu, Adrian, Eve, possibly Maciej. Adrian has tried to bring the SSI and Kantara communities together. Gluu has demonstrated that a "SSI claim" can be used to satisfy policy, and IIW itself can be used for discussing combining UMA and SSI to the extent that this is of interest, or if there are challenges that are arising. On the other hand, there are potentially opportunities not yet being exploited.
Other cross-group agenda items Eve had thought of were along the lines of the "cradle-to-grave scenarios" and solving them with suitable application of IRM workflows and throwing off receipts, but we haven't gotten any farther than that.
UMA and Decentralized Identity Foundation
Adrian has been advocating for UMA being a component of DIF's "hub" role. Kim Cameron spoke on this at EIC18. Let's start to take a look at what this might mean over the summer.
Decoupled flow
Deferred.
Enterprise use cases/Gluu Gateway
Mike showed a demo; find it here. It uses Kong underneath. Question: Kathleen: Can it handle scopes like HEART has? The Gluu take is that scopes map to policies on the Gluu Server. An UMA scope might be something like "OutSideUS", and the policy is a Python script. The policy provides context: Who is the subject? What is the client? It could call an external RBAC or XACML PDP. The gateway (proxy) is really simple; it's the PEP; it doesn't know anything about that. (See the documentation.) It introspects the token and caches the results. So if an API comes with whatever scope design, can it handle that and map to policy as necessary? Yes. You can switch from "UMA Resources" (settings for resources with their scopes) to "OAuth Scope Security".
Mike is seeing a lot of consumer use cases for the gateway these days, and use with microservices. What is the business case?
- Proxy for APIs for internal and external services that are containerized
- Centrally enforce access
- Rate limiting for DoS protection, billing, etc.
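The "introspects the token and caches the results" behaviour noted above, as an added sketch that is not Gluu Gateway code or part of the demo: a PEP that caches introspection answers but never past the token's own expiry, so the cache lifetime bounds how long a revoked token keeps working. Assumptions: `CachingPEP`, `FakeAS`, the route table and the token values are hypothetical, and the response is an RFC 7662-style dict with a space-separated `scope` string (the OAuth scope mode), not an UMA `permissions` array.

```python
import hashlib
import time


class CachingPEP:
    """Gateway-side enforcement point: introspect, cache, compare scopes."""

    def __init__(self, introspect, route_scopes, max_ttl=60, clock=time.time):
        self.introspect = introspect      # callable(token) -> RFC 7662-style dict
        self.route_scopes = route_scopes  # {(method, path): set of required scopes}
        self.max_ttl = max_ttl            # bound on how long a revoked token keeps working
        self.clock = clock
        self._cache = {}                  # sha256(token) -> (cache_expiry, response)

    def _token_info(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()  # keep raw tokens out of the cache
        now = self.clock()
        hit = self._cache.get(key)
        if hit and hit[0] > now:
            return hit[1]
        info = self.introspect(token)
        if info.get("active"):
            # Never trust a cached answer past the token's own expiry.
            expiry = min(now + self.max_ttl, info.get("exp", now + self.max_ttl))
            self._cache[key] = (expiry, info)
        else:
            self._cache.pop(key, None)    # inactive answers are not cached
        return info

    def authorize(self, method, path, token):
        required = self.route_scopes.get((method, path))
        if required is None:
            return False                  # unregistered route: deny by default
        info = self._token_info(token)
        if not info.get("active"):
            return False
        return required <= set(info.get("scope", "").split())


class FakeAS:
    """Constructed stand-in for the authorization server's introspection endpoint."""

    def __init__(self):
        self.calls = 0
        self.tokens = {"tok-1": {"active": True, "scope": "OutSideUS", "exp": 1090}}

    def introspect(self, token):
        self.calls += 1
        return dict(self.tokens.get(token, {"active": False}))
```

The policy decision itself (the Python script on the server) stays out of the gateway here, matching the PEP/PDP split described in the minutes.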
UMA2 masterclass materials
Eve walked through the draft slides for the masterclass she and Mike are doing at Identiverse. The "federated authorization" language is challenging to people, so it's now "externalized" authorization. People will review the deck more before Monday.
Attendees
As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)
- Domenico
- Maciej
- Eve
- Mike
Non-voting participants:
- Scott
- Bjorn
- Kathleen
- Adrian
- Tim
- Nancy
Regrets:
- Andi
- Cigdem