UMA telecon 2014-06-19

UMA telecon 2014-06-19

Date and Time

Agenda

  • Webinar debrief
    • Thoughts on Q3 webinar
  • Upcoming meeting review
    • All-hands next week
    • July schedule
    • Change meeting length back to 60 minutes?
  • Considering an Open Member Ballot for "UMA v1"
  • Refreshing the Resource Set Registration spec
  • APIs.json opportunities
  • Claim profiling review
  • WG anniversary
  • AOB

Minutes

Webinar debrief

Thanks to Thomas, Maciej, and Domenico! The content and demo were really good. It was quite concrete in giving a sense of where UMA can solve problems.

AI: Eve: Link to webinar recording and publicize to attendees.

AI: Eve: Review attendee list and derive next steps for outreach.

What about the unfinished demo video on YouTube? Could we update it, extract the demo done today for publication separately, or what?

AI: Thomas: Look into how we can crop the webinar recording to extract the demo portions.

Thoughts on Q3 webinar: Eve proposes that healthcare really is the right subject for that one. We'll decide on dates and participants over time.

Upcoming meeting review

All-hands next week.

July schedule: who's going to be taking vacation? We don't know who's around and who's not.

Who's going to CIS July 19-22? Eve is likelier than not at this point. Roland is definitely going to be there. We hear Allan Foster is presenting on UMA there, and we know George is presenting on IoT security and is likely to have an UMA connection.

Change meeting length back to 60 minutes? We've gone back and forth on this a couple of times. There's general support for doing a 60-minute meeting, without bias on the start time. Having the call align with the hour is probably easiest. So we'll go back to 9-10am. Thomas also suggests that we invite participants to the meeting events.

AI: Eve: Change UMA calendar to make the calls 60 minutes starting at 9am PT, change Meetings and Minutes page.

AI: Eve: Send email asking for favored email addresses to invite to the UMA telecon events.

IoT use cases

Is it time to consider an IoT-related case study? It appears so! Eve mentions a technical paper she's seen on OAuth and MQTT, and she knows about work on UMA and IoT generally (HTTP, MQTT, CoAP, XMPP) that would be good as ready-made case study material.

Considering an Open Member Ballot for "UMA v1", and refreshing the Resource Set Registration spec

In light of open issues on GitHub - any urgent?
 

A question that's "upstream" from this is: Is any part of UMA considered "complete"? Do the subsidiary/profile specs have to be ready for the core to be ready? Strawman: UMA Core and OAuth RSR are "done enough" to be worthy of a v1 designation, while Binding Obs and Claim Profiling aren't.  Thomas notes that the dynamic client registration work is starting to undertake some API registration use cases. RSR needs to happen in the context of a RO, but there are some elements – namely, resource set types and their applicable scopes – that are independent of the RO. And what about an RS's relationship to more than one AS?

AI: Thomas: Reach out to Justin to discuss dyn client reg wrt RSR.

API discovery is very hot now, and it's come up at MIT. There's an opportunity now to figure out the right answers for registering and declaring API and "protected resource" information. What's the right breakdown of responsibilities between Swagger, APIs.json/APIs.io, WADL, WSDL, RAML, RSR, and dyn client reg software statements? Where are the opportunities to optimize for things like inheritance, grouping, etc.? RSR isn't bad, but it takes a very simplistic view of the universe, and it's also RO-specific. It would be interesting to consider somehow declaring or registering protected resource types apart from instance owned by some RO, and the universe of scopes applicable to the types. Then RO-specific registration just becomes registering the instance of a certain type.

Given that this is user-managed access, we want to stay close to the RO's requirements.

Claim profiling review

 Deferred. Great work by Maciej and Domenico on this topic!

WG anniversary

The group launched on August 6, 2009 - nearly five years ago! Should we think about targeting an All Member Ballot to complete by then? Certainly we should think about promoting adoption, implementation, and interoperability by then.

Attendees

  • Mark
  • Eve
  • Domenico
  • Maciej
  • Casey
  • Katie
  • Thomas

Next Meetings

  • All-hands meeting Thu Jun 26 9-10am PT (time chart) - NOTE TIME CHANGE
  • Focus meeting Thu Jul 3 9-10am PT (time chart)
  • Focus meeting Thu Jul 10 9-10am PT (time chart)
  • Focus meeting Thu Jul 17 9-10am PT (time chart)
  • All-hands meeting Thu Jul 24 9-10am PT (time chart)