UMA telecon 2017-02-23

Date and Time

• Thursdays, special meeting times continuing: 8:30-10am PT
  • Screenshare AND dial-in: http://join.me/findthomas
  • UMA calendar: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

• Roll call

• Approve minutes of UMA telecon 2017-02-09 

• Logistics:
  • Continuing 90-minute meetings for the moment
  • Interest in ad hoc telecon on Tue Feb 28 9-10am PT?
  • At the end of this call, can we estimate when V2.0 issue backlog will be done? Looking to get to WG "last call" draft ASAP

• UMA V2.0 work

  • 2016 roadmap / GitHub issues for V2.0 (all issues to be kept here for the duration!) / dynamic swimlane
  • Core is up to 15 (updated) and RReg is up to 05 (no change)
  • Rev 16 should be out before the call with implementation of ad hoc 2017-02-21 decisions and related issue closures
  • Work on open issues
• AOB

Minutes

Roll call

Quorum was reached.

Approve minutes

Approve minutes of UMA telecon 2017-02-09: APPROVED.

Logistics

• Continuing 90-minute meetings for the moment
• Interest in ad hoc telecon on Tue Feb 28 9-10am PT?
• At the end of this call, can we estimate when V2.0 issue backlog will be done? Looking to get to WG "last call" draft ASAP

Our plan of record is to public a "last call" WG draft once we're satisfied that we've taken as many issues off the backlog as we want and dealt with them. It would be a "beta" release, with the option of making more changes (no "IP implications", as there would be for a public comment/IPR review).

AI: Eve: Set up an ad hoc telecon on Tue Feb 28 9-10am PT with the usual invites, which may have only Justin and herself meeting.  James may be available.

UMA V2.0 work

Core is up to 16 (updated) and RReg is up to 05 (no change).

Issue #280: Should we forbid the OAuth scope property on the AS RPT response explicitly? See the discussion resolution and implement it.

AI: George: Write up an email discussing implications of doing refresh tokens when the RPT is short-lived but the authorizations are long-lived (and/or any other refresh token implications that come to mind) by March 2 at the latest.

Need new error registry issue: What is now Sec 9.4.2 needs to be its own Sec 10-level section because of this section in 6749. This section needs some corrections. The invalid_ticket and expired_ticket errors should use invalid_grant instead. The need_info error needs to mention the error_details structure, which is a further extension. We probably should mention that not_authorized is not the same thing as unauthorized_client.

AI: Eve: Create error registry issue.

New issue #282: See commentary. No change for now; James, please take note.

RReg issues: Do we think the use cases for OAuth and OIDC are viable? The last call period could be a good test period. Let's plan on that.

Timeline: We think we could be done with all of the open issues by March 9, which would include two more 90-minute calls and one or two ad hoc calls.

AI: Eve: Reach out to the Kantara marketing people with the current timeline and plans to explore the OAuth RReg use cases.

AI: Eve: Extend March 9 meeting to 90 minutes and book ad hoc call for next Tuesday.

Spec instructions for rev 17: See above and issues.

Attendees

As of 19 Jan 2017 (post-meeting), quorum is 5 of 8. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem, Sarah)

1. Domenico
2. Sal
3. Maciej
4. Eve
5. Mike
6. Cigdem
7. Sarah

Non-voting participants:

• Justin
• George
• JohnW
• James
• Thomas
• Crina
• Mark L
• Jin