UMA telecon 2009-09-17

Date and Time

  • Day: Thursday, 17 Sep 2009
  • Time: 9:10-10:30am PDT | 12:10-1:30pm EDT | 16:10-17:30 UTC (time chart)
  • Dial-In: +1-218-862-7200 or +1-712-432-3100 (if one doesn't work, try the other)
  • Code: 987-632 (do not press #)

Attendees

As of 17 Sep 2009, quorum is 12 of 23.

  1. Adams, Trent
  2. Akram, Hasan
  3. Bryan, Paul
  4. Catalano, Domenico
  5. Holodnik, Tom
  6. Maler, Eve

Regrets

  • Christian Scholz
  • Michael Hanson
  • Iain Henderson
  • Maciej Machulak (possibly)
  • Jeff Stollman

Agenda

Minutes

Roll call

Quorum not achieved.

Approve minutes of UMA telecon 2009-09-10

Deferred due to lack of quorum.

Action item review

Nothing changed; we have a number of aging pending items.

Kantara informal UMA meeting report/discussion

An informal meeting was held at the Kantara F2F meetings in Las Vegas, colocated with Digital ID World. We were not quorate and we didn't record formal minutes. We reviewed the UMA proposition by going through IIW8 backgrounder slides and the current status of UMA scenarios, and Trent kindly took notes to record Q&A that came up. We reviewed Trent's notes and discussed related items on this call.

  • Comment by Doc: The use of the term "Allow..." in the charter makes it seem that the protocol is in control, but allowing the user to do something. Consider a rewording along the lines of "Preserve the ability for the user to..."

The charter does use the "Allow..." wording; it is indeed shorthand for "Preserve an individual's ability to...". We're not planning to change it.

  • Comment by Doc: How does ProtectServe + Relationship Manager interact with the various other options listed on page 15 of the slides (i.e. titled "Some comparisons, FWTW"); specifically in relation to Kim's 5th Law of plurality of providers (suggestion: might want to update the "Some comparisons, FWTW" slide to include XRD)

AI: Eve: Revise and extend the "compare/contrast" matrix in the background slides, and put them on the wiki.

AI: Eve: Make links to the backgrounder slides more visible on the wiki.

  • Question by Joe: How does this approach fit into the model of XRI and Link Contracts?

The original ProtectServe sketch wasn't designed with XRI link contracts in mind, but it turns out they are conceptually identical, and UMA may provide a useful "protocol binding" for the XRI concept. XRI is one of our liaison targets and we have several liaison touchpoints between the efforts (such as Andy Dale and, now, Nat Sakimura).

  • Question by Joe: Does the scope include the need to parse the contract terms, or only end at the resolution of an existing contract URI?

We want to be scenario-driven about this. If we have important scenarios that require something like "you must satisfy these terms 'or better'", we may have to figure out what "better" means. If we have important scenarios that offer n pieces of data for terms X, but n+m pieces for terms Y, that's a complex thing we may have to solve. We discussed whether machine readability of terms is strictly needed at first, since a URI that persistently refers to a human/lawyer-readable version seems to suffice in a lot of cases today for string-matched satisfaction (no complex negotiation), including very complex enterprise cases.

The UD-VPI group is reportedly building terms that meet the human/lawyer/machine-readable goal, and may be looking to us to solve the minimum level of functionality around term offers, negotiation, acceptance, etc.

Nat Sakimura's recent blog post and the comments thereon suggest even more ways. How we answer these questions also has an impact on our goals around simplicity, particularly our emerging goal around not adding undue cryptography burdens.

Paul's preference for a design decision that would meet our principles is: Express terms as a Web resource whose representation can be retrieved with an HTTP GET and modified (with an affirmation that the terms are being met) with an HTTP POST.

AI: Eve: Revise the Issue in the scenario doc regarding how requesters can meet terms, to incorporate the discussions that have taken place to date.

Brief report/discussion on OAuth recursive delegation

We don't yet have feedback from Michael on this, but Paul reviewed the I-D further, and concluded that the spec is about allowing an existing OAuth Consumer/Client to dole out tokens to other Consumers to access resources without your involvement. This makes a pretty big assumption about the user's trust of the subsequent (Second etc.) Clients; transitivity of trust generally isn't safe to assume. It would therefore be useful to see the use case that motivated the I-D.

The OAuth redirection flow ensures that the user has a say in permissioning, so in a way this extension is the antithesis of OAuth (unless there's some user permissioning process that's mandated but done out of band?).

Discuss and approve A-priority scenarios

Deferred till we have more, and a better mix of, people on the call.

AOB: Update on the teleconferencing situation

A strong recommendation was made to the Kantara Board of Trustees this week to fund, at relatively low incremental cost, a series of "hi-def" lines that would provide better reliability and quality. We will see what happens. More problems were encountered on today's call (no surprise).

Next Meeting: UMA telecon 2009-09-24

Eve can't attend this meeting; Paul will chair in her stead.

  • Day: Thursday, 24 Sep 2009
  • Time: 9:10-10:30am PDT | 12:10-1:30pm EDT | 16:10-17:30 UTC (time chart)
  • Dial-In: +1-218-862-7200 or +1-712-432-3100 (if one doesn't work, try the other)
  • Code: 987-632 (do not press #)