UMA telecon 2016-02-25

Date and Time

Agenda

  • Roll call
  • Approve minutes of UMA telecon 2016-02-18
  • Reports from sync and legal meetings
  • Charter-bashing
  • HIMSS, RSA, and the Non-Profits on the Loose event
  • IIW planning
    • CIS/legal/interop?
  • Review #239 spec and doc; next steps
  • #wideeco analysis and potential solution collection
  • AOB

Minutes

Roll call

Quorum was reached.

Approve minutes

Minutes of UMA telecon 2016-02-18 approved.

Report from legal meeting

The legal subgroup is working on an interesting issue that tackles the subtleties behind "who is the RO" – not at the "T" level, where the UMA protocol has no doubt, but at the "B" and "L" levels, where there are layers of "is the one" and "is acting on behalf of the one". Kathleen notes that HL7 is right there with us working on the exact same issues. The goal is to define our terms clearly so that we can craft our model clauses around the operation of the protection API (the operator of the AS, the operator of the RS, and the authorizing party or whoever is acting on their behalf) accurately. Adrian is driving towards a particular goal of an AS that is operated by the RO themselves.

Charter-bashing

Let's take charter review as homework for our meeting two weeks from now.

Upcoming F2F opportunities

You can find UMAnitarians at HIMSS and RSA. See Gluu's blog post for some RSA opportunities.

Who is definitely attending IIW? Eve, Mike, Adrian, Jin, Maciej, George. Who is possibly attending? John depending on his China gig situation, Andrew Hughes based on what we might work on, Ishan based on work schedule.

Would there be interest in focusing on conformance testing as a discussion topic at IIW (again)? Adrian is interested, from a very specific perspective: having an AS reference implementation. Mike notes that there are several open-source implementations that could be reference implementations, and there are several use cases, so we don't seem to lack for them. Is a reference implementation the job of the WG(s)? John suggests something more like the W3C Validator. In fact, the budget request includes a hosted test harness that would (initially) test authorization servers. Sounds like working on what use cases to test would be a winner.

Eve also suggests working on, and getting people up to speed on, our model text.

Mike also suggests doing some "UMA marketing". Eve is up for that, but not for self-flagellation. (smile)

What about the UMA/blockchain connection? This is a very good point. Thomas and Jim have been working on this area. Thomas has a slide deck on this.

We have four UMA-related topics of interest we'd like to convene sessions about at IIW.

Issue #239 spec review

Should we totally replace the requesting party claims endpoint, or write the configuration data piece so as to invent a new "enhanced claims-gathering security endpoint" so that people could deploy UMA-with-lesser-security and UMA-with-tighter-security at the same time? We've modularized the extension so that we could work on the mitigation ASAP and for flexibility's sake in pacing our UMA V.next plans. We seem to have achieved that. The group has no appetite to invent a lesser-security endpoint for form's sake.

AI: Maciej, Eve, Dom: Revise the spec and share with the list for more review before we publish more widely.

#wideeco

Deferred.

Attendees

As of 18 Feb 2016, quorum is 6 of 11. (François, Domenico, Kathleen, Sal, Thomas, Andi, Robert, Maciej, Eve, Mike, Sarah)

  1. Eve
  2. Robert
  3. Domenico
  4. Maciej
  5. Kathleen
  6. Mike
  7. Sal

Non-voting participants:

  • Adrian
  • James
  • Ishan
  • John
  • Scott
  • George
  • Jin

Regrets:

  • Andi
  • Sarah
