UMA telecon 2011-06-30
UMA telecon 2011-06-30
Date and Time
- WG telecon on Thursday, 30 Jun 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214
Agenda
- Roll call
- Approve minutes of 2011-06-23 meeting
- Action item review
- Schedule review
- Discuss marketing/PR progress
- Signups for blogging, tweeting, distributing?
- What wiki changes should we line up?
- What hashtag to use?
- Approve Report today?
- Contribute I-D by Monday July 4
- Webinar dry-run Monday July 11
- Webinar July 15
- Date/time is now changed to July 13
- Plan webinar content and presenters
- Discuss marketing/PR progress
- Core protocol review
- When can we fill in messages and error codes?
- UK OASIS event in Oct: interest in participating?
- AOB
Attendees
As of 2 Jun 2011 (pre-mtg), quorum is 6 of 11.
- Catalano, Domenico
- D'Agostino, Salvatore
- Fletcher, George
- Machulak, Maciej
- Maler, Eve
- Moren, Lukasz
- Wolniak, Maciej
Guest:
- Jacek Szpot
Regrets:
- Thomas Hardjono
- Susan Morrow
- Cordny Nederkoorn
Minutes
New AI summary
Eve, Maciej |
Open |
Plan webinar content. |
 |
|
Susan, Dervla |
Open |
Test WebEx system/account to ensure we can record the webinar. |
 |
Roll call
Quorum was reached.
Jacek is a new member of the SMART team. He's been studying IT and CS. He'll be helping out with the UMA protocol, implementation, and the SMARTAM software.
Approve minutes of 2011-06-23 meeting
Minutes of 2011-06-23 meeting APPROVED.
Action item review
- 2010-11-18-4 Eve Open Capture new user stories in the wiki. Try to do this before the publicity launch.
- 2011-04-07-2 Frank, Kirk Open Match constellations to scoped access diagrams to see what happens.
- 2011-04-14-1 Maciej, Alam Open Build list of FAQs (both questions and candidate answers) on the wiki. Alam gave Maciej a list of questions; we'll work on this.
- 2011-06-02-1 Thomas Now OBE Recommend times to do a WebEx SMARTam demo with the UMA WG members. We'll turn this into the webinar dry run on July 11.
SMARTAM news
They are thinking about abstracting the IdP-side functionality of the AM, so as not to be too closely tied to Facebook. Perhaps Google+ Circles could provide another alternative. They have just upgraded SMARTAM to be able to show you a history log of how people have been accessing your resources. It's in "wall" format. You also have a means of modifying access from this view. They also added the ability to track and respond to unilateral access requests for which the authorizing user hasn't made a policy yet.
NSTIC privacy workshop
Sal attended. He didn't have a good time slot to present UMA, as we thought he might, but we distributed the prepared slides to Jeremy Grant. The workshop was two days. People from EFF, Microsoft, etc. attended – an interesting mix of industry and others. The discussion about "why privacy matters" was mostly significant in that it allowed the program office to stress its commitment. (The first workshop was on governance.) There will be a technology workshop in September on the west coast.
The workshop went into breakouts to discuss technology approaches. UMA came up a couple of dozen times over the course of the event. Zero-knowledge proofs came up a couple of times. The workshop was webcast and that recording may still be available. The first day's panel is probably worth listening to. Also look at the presentations online. If they consolidate the reports coming out of the breakouts, that would be valuable too.
Schedule review
The webinar will now be held on Thursday, July 14, at our regular call-in time of 9am PT, for one hour. We'll plan to send out the press release by Thursday, July 7. We're collecting quotes from people who are implementing or planning to implement UMA or need it uniquely.
We now have a Facebook page! Everyone should go and "like" it. It's called User-Managed Access. We'll get a nice URL for it when enough people have liked it.
We should use the #UMAWG hashtag going forward. #UMA has too many overlaps and unrelated stuff.
Eve and Maciej M. will be the webinar presenters by default. We'll see if Alam can also join to do a demo of his stuff.
Here is a list of venues where we want to get the news out, and responsible people:
- Project VRM: Eve
- PIMN identity community in NL: Cordny
- OAuth lists: Thomas?
- OpenID lists: John Bradley?
- NSTIC community: Sal
- Adjacent Kantara groups and the overall community list: Eve
- hData: Eve
- LinkedIn groups: Cordny?
- Forrester community forum: Eve?
Report approval consideration
MOTION: Approve the UMA core spec in its current form, with instructions to the editors to continue incorporating open items. APPROVED by unanimous consent.
We can continue to revise it going into the future, of course.
Core protocol review
Lukasz and his colleagues will plan to finish their edits by tomorrow (Friday). Thomas and Eve will prepare the draft on July 3 for submission by July 4.
Discussion of ISSUE #12: George was advocating option B, and Eve now agrees. We gained consensus to go with option B for now (UMA error and HTTP error when token is invalid). Lukasz's current work on the error messages just has an error message for "invalid token". Let's go with that for now. We can add detail as required in future, while being careful not to expose to the host any information that it shouldn't necessarily know.
This closes ISSUE #05 as well!
Maciej points out that it has to be possible to return an empty array of permissions when the token is valid but isn't associated with any permissions yet. Agreed.
Discussion of ISSUE #16: Domenico and Eve will try to flesh out the spec text on trusted claims, or at least link to the separate document Domenico has prepared.
Discussion of ISSUE #30: We say the {hostid} has to be the client ID, but what if the host is in the position of using anonymous credentials for some reason? Is that even a possibility in the case of hosts (vs. requesters)? Should we identify this more obviously as a constraint? Lukasz and Eve think it should be identified as a constraint, meaning that if dynamic registration is used, it has to support truly unique client credential issuance. We gained consensus to go with this approach for now.
Discussion of ISSUE #31: SCIM sends RESTful CREATE/UPDATE responses that contain the whole JSON structure. We gained consensus that we should do the same.
UK OASIS event in October
The SMART team is willing to present if this event jells.
Next Meetings
- WG telecon on Thursday, 7 Jul 2011, at 9-10:30am PT (time chart)
- WEBINAR dry-run on Monday, 11 Jul 2011, at 9-10:30am PT (time chart) – stay tuned for access info
- WEBINAR (not regular telecon) on Thursday, 14 Jul 2011, at 9-10:30am PT (time chart) – stay tuned for access info
- WG telecon on Thursday, 21 Jul 2011, at 9-10:30am PT (time chart) – overlaps Cloud Identity Summit; Eve regrets?
- WG telecon on Thursday, 28 Jul 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214