UMA telecon 2015-08-20

Date and Time

Thu Aug 20 8:30-10am PT (we start 30 minutes earlier and meet for 90 minutes in August)
- Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#
- Screen sharing: http://join.me/findthomas - NOTE: IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
- UMA calendar: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

Roll call
Minutes approval
- Sample motion: Approve the minutes of UMA telecon 2015-08-13.
Last-minute quick hits
- (Last-minute addition:) Restrict GitHub editing?
- Trust elevation TC writeup reviews
- Legal subgroup report
- APAC sync report
Issue resolution work (issues on GitHub) (UMA V1.0.1 issue nominations spreadsheet) ("sprint" document)
- Our timeline has us trying to knock down all of our issues by this week and next
- Then approving our Draft Recommendations for next-stage LC approval the following week or so
AOB

Minutes

Roll call

Quorum was reached.

Minutes approval

tbs

Trust elevation TC writeup reviews and trust elevation/ABAC generally

Andrew wants a half-page, and it's hard to keep it that short! Please review and shorten. Is the permission ticket an essential concept for trust elevation, or not? Step-up authentication is one mechanism; non-uniquely identifying, but nonetheless trusted, claims are another that seems special to UMA ("CBAC").

There's a conversation going on about the role of software statements and OIDC in trust elevation. Mike has been following this.

NIST has an ABAC "building block" under review; Bill Fisher has reached out to offer a conversation with UMAnitarians. Eve will coordinate.

Restricting GitHub editing

Do we need to worry about this? The upside is total IP protection. The downside is the pain of making all WG participants get GitHub accounts (a pain to the people) and become collaborators on the repo to submit GitHub issues (a pain to the repo admins).

Current sensibility is positive.

Legal subgroup report

We've been in massive use-case collection mode. The APAC sync folks had interest and asked about the big thread. We hope to start mappings to legal concepts very soon.

Andi expresses a hope that specific jurisdictional legal requirements won't impact the specs. E.g., US healthcare examples often don't apply to UK and Europe. Adrian would like to focus at some point on adoption strategy, apart from specific legal strategy. We can cast our eye over lessons learned and release strategy.

Issue resolution work

We cleared about half the outstanding items in the spreadsheet and in the issues list.

AI: Maciej: Tweak spec text related to #147, #170, and #172, and close issues as appropriate.

AI: Eve to send email to WG links highlighting newly proposed #163 text, which impacts #164 as well; WG to discuss before next week.

AI: Eve to send email to WG discussion topic around #168; WG to discuss before next week.

AI: Maciej, Eve, and Andi: Do issue assignments before next week.

AI status

AI: Thomas: Review the charter for potential revisions in this annual cycle.
AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
AI: Sal: Fill out IDESG form to have UMA adopted as a recommended standard for use in the IDESG framework.
AI: Mike: Write SCIM protection case study to highlight client claims-based use case.
AI: Maciej: Write as many sections for the UIG as he can.
AI: Justin: Write a UIG section on default-deny and race conditions.

Attendees

As of 30 Jul 2015 (pre-meeting), quorum is 7 of 12. (François, Domenico, Sal, Thomas, Andi, Phani, Robert, Maciej, Eve, Arlene, Irwin, Mike)

Eve
Andi
Arlene
Mike
Maciej
Thomas
François

Non-voting participants:

Adrian
James
Sarah
Scott
Jin
George

Regrets:

Mark

Browser not supported