UMA telecon 2013-05-16
UMA telecon 2013-05-16
Date and Time
- Focus meeting on Thursday, May 16, at 9am PT (time chart)
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540
Agenda
- (Get on join.me)
- Action item and upcoming election review
- IIW/IDESG (and ongoing EIC) reports: use cases? optimizations? buzz? other?
- IIW session: http://iiw.idcommons.net/Privacy_%E2%80%93_Preserving_Accessibility_Support_with_UMA_andGPII
- UMA/GPII use case submitted to IDESG wiki use case collection; Keith joining use case ad hoc group
- OpenID Connect optimization opportunities (see slides)
- Review high-priority issues
- AOB
Minutes
Action item review
Results shown on that page. Internet2 is working closely with Gluu. There's a recent hiccup, but good communications. The Scalable Privacy work through NSTIC is definitely friendly to the Gluu stack, but we're all agreed that multiple implementations are healthy and valuable. Maybe we'll be doing interops for "Enterprise UMA" before long.
IIW/IDESG (and ongoing EIC) reports
"Personal clouds" were the hot topic. It seems that XDI is the technology of choice for enabling these. What's the UMA/XDI relationship? It seems this question has come back! Eve will ask Mike to share his thoughts at a future meeting.Â
Keith reports: His IIW GPII session notes are here. Debbie Bucci, now at ONC, talked about their data segmentation work ("DS4P", Eve's guessing). The IDESG session focused on use cases. He discussed GPII there too, with the NPO folks. If GPII can demonstrate success against its goals using UMA, it can find global champions. GPII is just one example of what can be protected, and the concept can be extended pretty far. So the item of highest importance is influencing the primary GPII people to use this solution. General impressions: IDESG participants = 1/3 people "doing good", 1/3 people trying to "make money", and 1/3 people who want it to fail.Â
Dave reports: All the NSTIC pilot folks presented. Got positive feedback. AXN did a demo. Keith notes that attribute assurance elements of AXN could be important for GPII's work. Is there interest in standardizing the attributes around this? Dave co-chairs the Attribute Exchange group at OIX, and there's a guidebook they've put together. Since the AXN swimlanes we'd originally seen, they've carried this forward. They're working on a final draft, to be published by June so that they can brief on this at CIS.
Eve suggests a fresh AXN/UMA "summit" on alignment. Dave agrees. For their DHS first-responder use case, they need to have a separate flow that involves a cert that confirms (say) employment. He's thinking that having the Gluu implementation as a concrete instance can help us explore. Should we think about such a summit at CIS? TSCP (the aerospace/defense group) has been working on peer-to-peer exchange, and need to solve for access to corporate resources; "Enterprise UMA" may have implications here. Is Gluu is a key exemplar of the soup-to-nuts UMA flows. There is one other complete open-source implementation, done by Fraunhofer AISEC. See the Implementations page for the full list.
Who will be at CIS? Eve, Dave, and possibly Keith. Eve will look into a F2F summit for something like Access Mgmt 2.0 there.
Let's target the June 20 UMA meeting (noon ET, 9am PT, as usual) for an AXN/Scalable Privacy/UMA summit. Eve will specially flag/announce this on the list at the beginning of June.
Optimization opportunities
Dave notes that NIST's special publication draft 800-162 on ABAC is potentially relevant here. It recommends policy layers around this.
Attendees
- Eve
- Alam
- Domenico
- Keith
- Dave Coxe
- Maciej
- Lukasz
Regrets:
- Adrian
- Sal
- Thomas
Next Meetings
- Focus meeting on Thursday, May 22, at 9am PT (time chart)
- All-hands meeting on Thursday, May 30, at 9am PT (time chart) - leadership elections: chair, vice-chair
Â