UMA telecon 2015-04-01

Date and Time

• Wed Apr 1 3-4pm PT (no joke!) (APAC-friendly time)

  • Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#

  • Screen sharing: http://join.me/findthomas

  • UMA calendar: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Roll call

• Minutes approval

  • Sample motion: Approve the minutes of UMA telecon 2015-03-19.

• Recommendation text status and editorial changes

• Upcoming meetings and outreach plans

• Binding Obligations

• AIs

• AOB

Minutes

Roll call

Quorum was not reached.

Minutes approval

Deferred.

Recommendation text status and editorial changes

We do intend to incorporate the final editorial issues that have been captured during this final period in creating the "rec" versions of the specs, vs. the "draft" versions. This process should be completed this week.

Upcoming meetings and outreach plans

• No telecon IIW week

• Regular telecon Thursday April 16 (HIMSS week)

  • The Kantara breakfast event is Apr 15

  • For those not yet part of the OIDF HEART WG, note that it is holding a F2F there as well

• No telecon RSA week

  • Adrian is facilitating a P2P session on Apr 21 at 4:30pm on health privacy standards

  • The Nonprofits on the Loose party is the evening of Apr 21 at Minna Gallery

  • The Rock Opera that Eve is in is on Thursday morning

  • Dave Staggs' UMA Healthcare talk (with a demo from Eve) is Friday morning

• Regular telecon Thursday April 30

• No telecon Thursday May 7 (EIC week)

  • Kantara All-Hands May 4

  • Kantara workshop May 5 (UMA talk)

  • OpenID Foundation workshop May 5 (HEART talk)

  • EIC has a User-Managed Identity and Access Track! (Eve speaking on UMA in the track)

  • Eve has a keynote

• IWPE'15 May 21 in Oakland with IEEE Symposium on Security and Privacy

• ForgeRock Identity Summit May 27-29 in Half Moon Bay

• Cloud Identity Summit June 8-11 in San Diego

Do any webinars/tweet chats/other? What if we were to schedule a webinar around our normal telecon time on Thursday May 14, and possibly a tweet chat series leading up to and after it to ask/answer questions? (E.g. the Monday prior and some day the week after?) Or maybe multiple tweet chats is too much. But a tweet chat that helps promote the webinar and gathers input for it seems to be a good idea. There will probably be a lot of OIDC news at RSA, so we may want to let that subside a bit before advertising the webinar and chat.

Binding Obligations

Mike F worked on state of VA digital identity forever, and knows Tim Reiniger well.

AI: Mike F: Reach out to Tim R to see if he's amenable to "Binding Obs outreach".

Liaisons with other Kantara groups

Sal has been raising opportunities to coordinate with IDoT (particularly) and IRM and CIS groups. Setting policy for devices, ensuring that a data subject is able to direct sharing, and so on are key challenges. Eve's entree into this topic was Simon Moffatt's notion of the split between a data subject and the owner of a device. Sal had been pointing to a white paper on "How to Find a Thing". If you get the policies right when a thing is registered, it doesn't matter so much who gets the things afterwards because the policy would follow the thing – right?? Justin's comments about race conditions seem to apply here as well. There seems to be a single initial opportunity for provisioning/registering the device (bunch of resource sets) correctly, and then a bunch of authorization opportunities should be correctly executed thereafter.

Gil proposes, however, that people habitually don't get things right up front. So how much late binding/registration can we actually tolerate? Or how much can we automate early binding/registration? The Consent Receipt concept is trying to automate compliance so that it begins to be commoditized and automated for even small manufacturers of "things".

AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.

All UMAnitarians are hereby invited to get involved in the IDoT Discussion Group and the Consent and Information Sharing Work Group; the latter has a spec out for review!

AIs

Outstanding AIs:

• AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.

• AI: Sal: Fill out IDESG form to have UMA adopted as a recommended standard for use in the IDESG framework.

• AI: Mike: Rework UIG section on organizations as ROs and RqPs.

• AI: Eve: Edit UIG (Mike's input, Zhanna/Andi's input).

• AI: Eve: Update GitHub.

• AI: Maciej: Write as many sections for the UIG as he can.

• AI: Justin: Write a UIG section on default-deny and race conditions.

• AI: Eve: Send suggested updates to Will at Gluu for English page updating, and to Domenico for Italian page updating, and to Rainer for hoped-for German page updating, and to Riccardo Abeti for the Spanish page, and to Mark for a Dutch translation.

Attendees

As of 15 Mar 2015, quorum is 8 of 14. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike S, Jin, Ishan, Ravi, John, Mike F)

1. Eve - will be at IIW next week - will be at HIMSS

2. Mike Farnsworth - ID.me - lead architect for healthcare practice - interest for patient access, and meeting regulatory mandates - will be at HIMSS

3. Ishan - may be at IIW, but likelier Bjorn

4. Sal

Non-voting participants:

• Gil - notes that U of Wollagong is interest in healthcare use cases as well, particularly on policy end

Regrets:

• Mike S

• Maciej