UMA telecon 2015-02-12

UMA telecon 2015-02-12

Date and Time

Agenda

  • Roll call
  • Minutes approval
  • Upcoming meeting schedule
    • Reminder of public review period, special meeting Mon Feb 23, and important LC meeting Wed Feb 25
  • IETF submission options
  • Interop progress
    • Report from UMA-dev meeting
  • Educational materials and V1.0 rollout planning
    • See below for aggregated AIs
  • Field public review comments and other open issues
    • See below for aggregated AIs
    • Tackle Issue #132 first
    • Spec editing schedule
    • New AIs
  • AOB

Minutes

Roll call

Quorum was reached.

Minutes approval

MOTION: Sal moves: Approve the minutes of UMA telecon 2015-01-15 and UMA telecon 2015-01-22 and read into today's minutes the notes from UMA telecon 2015-02-04. APPROVED by unanimous consent.

Upcoming meeting schedule

We have the special meeting on Monday Feb 23. We likely won't hold a meeting on Mar 12; Eve regrets.

IETF submission options

Does the Independent Submission route make sense? It's a kind of RFC developed elsewhere. It wouldn't expire, like an I-D would. And it wouldn't require starting a whole WG effort.

Going through a real IETF WG process means losing significant control over the resulting design. There is no "voting mechanism" in the IETF. Is there inherent value in going through a new IETF-driven design effort? Eve sees the original identification of IETF as a "home" as having been driven by non-substantive reasons and doesn't see a huge amount of value in that.

There is sentiment for doing an Independent Submission because not everyone is familiar with Kantara. Thomas recommends submitting as Informational, vs. Experimental. If we went this route, would we want to approach the OAuth WG chairs (Hannes) and the Security ADs (Stephen Farrell)? We think this would be valuable to do right away, regardless!

AI: Eve: Follow up on Independent Submission process at the appropriate time.

Interop progress

Subscribe to the UMA-dev list to stay on top of the news!

Educational materials and V1.0 rollout planning

Outstanding AIs:

  • AI: Mike: Write the section on "Organizations as Resource Owners and Requesting Parties".
    • No status.
  • AI: Maciej: Write as many sections for the UIG as he can. (smile)
    • No status.
  • AI: Andi: Write the section on "Handling Ignored Parameters" and share with Zhanna for comment.
    • Andi has sent some text to Zhanna; she has sent back some suggestions. When they have something they are mutually happy with, they can send it to Eve for inclusion in the wiki document.
  • AI: Eve: Send suggested updates to Will at Gluu for English page updating, and to Domenico for Italian page updating, and to Rainer for hoped-for German page updating, and to Riccardo Abeti for the Spanish page, and to Mark for a Dutch translation.
    • No status.
  • AI: Ishan: Review the FAQ for needed updates (http://tinyurl.com/umafaq).
    • No status.
  • AI: Eve, Colin, Mike, Sal: Email discussion about possible crowdsourced track submission.
    • Hung up with Eve - she will respond this week!
    • Note that Dave Staggs got an UMA-in-healthcare talk into RSA on the Friday morning!
  • AI: Robert: Noodle on the kitten metaphor.
    • Robert has been coming up with some good straplines! He'll put together some slides that tell a candidate UMA story. 

Field public review comments and other open issues

Issue #132: This actually came up in August 2013 as well, raised by Mark. Mike thinks PUT is really weird. Eve noted that her product's REST APIs all use POST for resource creation. Robert notes that "Weird is not good." So let's accept the proposed change: POST with server-assigned ID.

AI: Editors: Change the spec. (Spec editing session on Sun Feb 22.)

Next week (Feb 19) we will go through all the open issues first, and if necessary (hopefully not), we will extend the meeting by a half-hour. If any public review comments come in on the last day (Feb 20), obviously we will have to field those in our special Feb 23 meeting. Zhanna has an outstanding question not currently reflected in the open public review period issues that she will send Eve separately in email. It has to do with an interpretation of what scopes mean.

Outstanding AIs:

  • AI: Sal, George: Do a close reading of UMA Core Sec 8.1 against the OAuth Security Cheat Sheet and see where we can improve the former.

Attendees

As of 14 Jan 2015, quorum is 7 of 12. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike, Jin, Ishan, Ravi)

  1. Sal
  2. Eve
  3. Ishan
  4. Mark
  5. Jin
  6. Domenico
  7. Robert
  8. Thomas
  9. Mike

Non-voting participants:

  • Zhanna

Â