UMA telecon 2014-06-26

UMA telecon 2014-06-26

Date and Time

Agenda

  • Roll call
    • Welcome to new participants
    • Any additions to invitations to telecon calendar events?
  • Approve minutes
    • Consider approving minutes of UMA telecon 2014-05-29 and reading into today's minutes all intervening ad hoc meeting notes.
  • Consider approving any UMA specs as "V1" for Open Member Ballot process
    • Consider editorial cleanup items such as issue 89?
    • Any news on dynamic client registration wrt RSR implications?
    • Implications for WG anniversary?
  • AIs from the last webinar
    • Excerpting the demo portion of the webinar recording
    • Outreach to webinar attendees
  • Upcoming F2F opportunities
    • CIS: Known: Eve, Roland, George; others?
    • SURFnet KI meeting Sep 4-5: do we want to hold a meeting there?
    • Others?
  • Claim profiling review
  • AOB

Minutes

Roll call

  • Welcome to new participants
  • Any additions to invitations to telecon calendar events?

Quorum was achieved.

Andi Hindle was at Ping for six years, and is now consulting in the XACML space with Axiomatics. He's interested in the intersection of UMA with other technologies. He has both commercial and technical interests. He'll be at CIS.

Ryan Page is working on ICAM consulting work, for various government agencies. He comes from the policy side of ABAC. He works on some other things related to UMA. He's interested in cloud and VRM.

Approve minutes

  • Consider approving minutes of UMA telecon 2014-05-29 and reading into today's minutes all intervening ad hoc meeting notes.

MOTION: Domenico moves: Approve minutes of UMA telecon 2014-05-29 and reading into today's minutes all intervening ad hoc meeting notes. APPROVED with unanimous consent.

Consider approving any UMA specs as "V1" for Open Member Ballot process

  • Consider editorial cleanup items such as issue 89?
  • Any news on dynamic client registration wrt RSR implications?
  • Implications for WG anniversary?

Mike notes: In the OpenID Connect process, there's public review and the opportunity for several release drafts, and they timed that to coincide with the RSA 2014 conference. They also had four interop rounds. What about doing that? Debbie asks: How does this align with IETF? Our plan as of last summer was to use the IETF Independent Submission route eventually, which isn't mutually exclusive from Kantara processes. Eve notes: KI processes don't have the "cycling through implementor's draft"/multiple votes option the way OpenID Foundation does.

Mike suggests aligning with RSA 2015, and doing multiple interops in the meantime. Mark asks: Meaning, all the specs together, or just pieces? OpenID Connect actually released Core, and is still working on other pieces.

Adrian asks: Among OAuth, OpenID Connect, and UMA, where do we pay attention to IDESG? Like OIX and FIDO, IDESG is sort of "in the wings". By the end of 2014, IDESG intends to have a framework for defining federations and attribute management across sectors, not just a set of use cases. Eve suggests that liaising to inform IDESG of "access federation" needs would be good. Mike mentions Prateek Mishra's (Oracle) efforts to resource OAuth-style multi-party federations, which would be relevant to our access federation goals. Using UMA to do trust elevation between domains is something that could happen outside of UMA.

Eve challenges: What might we need to fix/work on in the Core and maybe RSR specs before a V1.0 level of standardization? Mike agrees that if UMA's release status stays nebulous, that's bad. But he cautions that we need more interop and feedback. What about "version number hacking", and going to Kantara Initiative Recommendation with a Version 0.9? It would send the message to the market that it's getting mature, but is willing to benefit from experience, so that there would be "version explosion" soon after a la V1.0 vs. V1.1 vs. V2.0 (SAML, SCIM, OpenID...). Then again, if we want to signal that an "implementor's target" really has IP protections, what about the WG's current process differs from, say, SCIM's with its several interops? Not much, it turns out.

Proposal: Go to an official, KI-approved V0.9 quickly (by the UMA WG's 5th anniversary?), then turn to V1.0 work in earnest, including heavy emphasis on interop and digging into all the specific use cases. Target RSA 2015 for V1.0. Consensus reached. Okay, now which specs need this treatment? Core, RSR. Too early for Binding Obligations? It seems so. Too early for Claim Profiling? No, it's important for interop, or at least the OpenID Connect portions! Let's include the Claim Profiling spec, and then choose whichever profiles we want to include in interop testing.

MOTION: Mike moves and Jin seconds: Approve current Core, RSR, and Claim Profiles specs as amended with editorial cleanup items as V0.9 Draft Recommendations and ask Kantara to proceed with All Member Ballot planning, with the intent to publish them as V0.9 Kantara Initiative Recommendations. APPROVED by unanimous consent.

AI: Eve, Thomas, Maciej: Coordinate on doing editorial revisions to specs and getting them into the Kantara process.

AIs from the last webinar

  • Excerpting the demo portion of the webinar recording
  • Outreach to webinar attendees

Upcoming F2F opportunities

  • CIS: Known: Eve, Roland, George; others?
  • SURFnet KI meeting Sep 4-5: do we want to hold a meeting there?
  • Others?

Andi, SteveO, and Jin will also be at CIS. Mike will be at OSCON, where he's announcing new versions of the Gluu Server that are relevant to the UMA picture.

AI: Eve: Send note about SURFnet opportunity to the list.

Claim profiling review

Deferred.

Attendees

As of 26 Jun 2014 (pre-meeting), quorum is 8 of 14.

  1. Eve Maler
  2. Andrew Hindle
  3. Mark Dobrinic
  4. Ryan Page
  5. Keith Hazelton
  6. Steve Olshansky
  7. Jin Wen
  8. Domenico Catalano
  9. Mike Schwartz
  10. Maciej Machulak

Non-voting participants:

  • Adrian Gropper
  • Debbie Bucci
  • Vivek Biswas
  • Zhanna Tsitkov

Regrets:

  • Thomas

Next Meetings