UMA telecon 2018-05-24

Date and Time

Agenda

  • Roll call
  • Approve minutes
  • Business model and use cases
    • RUFADAA++ scenarios – Eve will have some visual representations – how to "spec" all this?
  • UMA and Open Banking
    • Analyze relevance of UMA for "decoupled" use cases
  • AOB

Minutes

Roll call

Quorum was reached.

Approve minutes

MOTION: Andi moves: Approve minutes of UMA telecon 2018-03-01, UMA telecon 2018-03-29, UMA telecon 2018-04-12, UMA telecon 2018-05-10: APPROVED by unanimous consent.

Business model and use cases

    • RUFADAA++ scenarios – Eve will have some visual representations – how to "spec" all this?

Is IRM a new concept? Who invented it? Kantara has an IRM WG; it produces Reports and isn't super-active at the moment. The notion is that something like "IRM" is needed to distinguish higher-order changes than the UMA protocol can detect, e.g., in sub-scenario 3, when Johnny is able to manage his own resources, Alice's PATs for managing Johnny's resources (and any associated downstream artifacts) should be killed but not her PATs for managing her own resources. Only some repository that tracks the distinction can do that. It doesn't have to be a graph DB.

A 40th state has just enacted RUFADAA! Our theory is that these are all variously painful problems for which UMA-enabled services would be valuable solutions. The visualizations should help us start to have the conversations to figure out how painful/valuable. How would consents be managed? What would the "Online Tool" do to enable the solution? Kathleen notes that HL7 has a project around FHIR and is planning to reach out to Kantara. ONC has an Informed Consent pilot, where they're recruiting children and young adults and trying to figure out this "children aging-in" piece. There's a Resource type called Questionnaire Question Response, and there's a Compound Consent.

The Origo use case seems to be applicable to a bunch of other financial areas, and potentially to healthcare as well, but in the US, the challenge is discoverability, and HEART doesn't touch the third rail of discovery. Would an "opt-in" discovery service that Alice permissions the use of be viable? (This is for HEART to take up, perhaps.)

How would the legal devices and technical artifacts interact? The tokens wouldn't contain the devices; they probably need to point to them through URLs.

We aren't talking about NEW contracts in addition to ones that (say) the end-user resource owner would agree to. However, there might be additional clauses we recommend they contain to be protective of privacy rights.

AIs:

  • Tim: Reach out to Uniform Law Commission contacts
  • Eve: Finish all known business model scenarios to date
  • Eve: Reach out to Origo to share status
  • Eve: Share EIC slides with the WG (DONE)
  • Kathleen: Share links to HL7 work

UMA and Open Banking

  • Analyze relevance of UMA for "decoupled" use cases (deferred again)

Next time

  • Gluu Gateway demo
  • Brainstorm on enterprise UMA use cases

Attendees

As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)

  1. Domenico
  2. Andi
  3. Eve
  4. Mike

Non-voting participants:

  • Kathleen
  • Nancy
  • Tim

Regrets:

  • Thomas
  • Mark