UMA telecon 2013-05-23

Date and Time

Focus meeting on Thursday, May 23, at 9am PT (time chart)
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

(Get on join.me)
Action item and upcoming election review
Further IIW/IDESG/EIC reports and followup thoughts
OpenID Connect (and XDI?) optimization opportunities
Review high-priority issues
AOB

Minutes

Action item and election review

Get your nominations in! Eve has self-nominated for chair. Maciej has self-nominated for vice-chair. We'll do elections next week.

IIW/IDESG/EIC reports and followup thoughts

Of those on the call, Andrew was at EIC. Kantara held a workshop there, which had 40-50 attendees. The topic was mainly trust frameworks, NSTIC, *STIC, etc. Andrew facilitated a session on information sharing and directed consent. UMA came up in this panel. He used the "standard deck". K+C reported that their attendees pretty much demand Kantara content! UMA is getting more widely recognized in the personal cloud/VRM conversation. K+C is big on the "Life Management Platform" concept. Eve notes that EU-based folks in particular have an opportunity to put all these concepts into practice because of their regulatory regime, e.g. "right to be forgotten" in combination with Domenico's UMA innovation on this.

There's an intent to set up workshops around RSA Europe, in October in Amsterdam. This will deal with how trust frameworks fit into the LMP concept. Eve suggests reaching out to Cordny N for this event. Thomas notes that MIT will be sponsoring an OAuth 2.0 interop in the last week of October, the week before IETF. They're considering inviting the OpenID Connect folks too. The OpenID Foundation is helping to sponsor this. Should we think about targeting this timeframe and event for an UMA interop as well? The interop would be in Cambridge, MA Oct 31-Nov 1. IETF 88 is Nov 3-8 in Vancouver, BC. Could we get UMAnitarians and/or Kantara (possibly through directed funds) to sponsor the UMA portion of an interop?

AI: Eve: Notify the LC that there's an opportunity for seeking Kantara directed funds for the October interop.

Andrew is doing a lot of work on trust framework enablement. He's hoping they can quickly model new patterns, to assess how they might come into Kantara's (meta-)framework. George expresses concern about getting trust frameworks to work in the consumer IdP context. We discussed this dilemma a bit: Is social login net negative for individuals? Are we actually reducing the number of times a user is asked for a password at new sites, which is supposedly one of the goals? Some sites are asking for a local password to be assigned as a backup if the IdP is down, for example. Business models for consumer-facing sites and apps distort the picture in weird ways.

Optimization opportunities: RS=C

Bob has to become known to the AS, since the AS has to be a claims client for satisfying Alice's policy. There may be some elements of optimizations that depend on the nature of the claims required. The RS is dependent on the AS to figure out if Bob is okay. Should there be a flow where Bob shows up at Flickr, Flickr asks him to log in even if he doesn't have a Flickr account, and then the RS/client (Flickr) presents the resulting ID token to the AS on his behalf? RPT-getting could potentially be simplified. (Eve wonders if AAT-getting could also be simplified or at least performed as part of some other account setup earlier, since Flicker knows it's both an RS and a C.) Thomas observes that Flickr needs to distinguish when it's in an RS role vs. a C role, for binding obligations purposes.

Attendees

Eve
Thomas
Domenico
Andrew
Adrian
George
Keith
Maciej

Next Meetings

All-hands meeting on Thursday, May 30, at 9am PT (time chart) - leadership elections: chair, vice-chair

Browser not supported