UMA telecon 2013-08-01
UMA telecon 2013-08-01
Date and Time
- All-hands meeting on Thursday, August 1, at 9am PT (time chart)
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540
- http://join.me/findthomas
Agenda
- Don't forget: Blue Button+ presentation Aug 8 from Josh and Justin
- Roll call
- Approve minutes of UMA telecon 2013-06-27, and read into today's minutes the notes from UMA telecon 2013-07-18
- UMA CrowdTilt opportunity: Gluu UMA-RS-enabled Apache module proposal – get the word out!
- Venue analysis - new thoughts?
- UMA demoing and optimization trends
- Binding Obligations revision plans
- Reinvigorate uma-dev list?
- Who's going to Kantara Summit Aug 8-9?
- AOB
Minutes
Roll call
Quorum reached.
Approve minutes
MOTION: Approve minutes of UMA telecon 2013-06-27, and read into today's minutes the notes from UMA telecon 2013-07-18. APPROVED by unanimous consent.
UMA CrowdTilt opportunity: Gluu UMA-RS-enabled Apache module proposal – get the word out!
Blanket emails to contacts don't work! If you have nontechnical friends you can try them one-by-one. If we can get "top of the pyramid" folks to donate and spread the word, that helps. Phil Windley has donated, for example. And hey, you get your name in the code comments. Andrew suggests a $100+ minimum, vs. the $50+ we've been suggesting. The link is:
https://www.crowdtilt.com/campaigns/uma-and-openid-connect-plugins-for-apache/description
Who's going to Kantara Summit Aug 8-9?
Eve is attending.
Venue analysis - new thoughts?
We no longer seem to have anyone arguing that IETF is a no-no, so that opens up our considerations if anything. We have a better understanding of OpenID Foundation after Eve's conversation with Nat. We should consider Kantara as an explicit "null hypothesis", and discuss such matters with the Kantara leadership next week. Eve will also talk to Heather F next week about IETF governance and thoughts Andrew reminds us: Draft Recommendation status in Kantara conveys readiness for an All-Member Ballot, and has a 45-day public review period built in before the ballot for an IP review. Thomas reminds us: The IETF has no voting structure, and a document adopted there could be totally ripped apart and revised heavily, with no assumption about prior IP identification still applying. And he asks: Does approving a Draft Recommendation require us to go to IETF? No.
MOTION: Keith moves and Thomas seconds: Approve the current drafts of the UMA Profile of OAuth (rev 07 I-D), Resource Set Registration (rev 01 I-D), and UMA Binding Obligations (rev 01 I-D) as Kantara Initiative Draft Recommendations. APPROVED by unanimous consent.
We won't ask for an All-Member Ballot yet, but this is on the docket to be discussed. Next week at the leadership summit, we should particularly think about timelines/roadmaps. What are we intending as the step after AMB? Our options are open, but we want to be clear about messaging by the time we get to any AMB.
UMA demoing and optimization trends
Eve's experience actually showing the demo of Cloud Identity's sample apps was powerful, for both user-centric and enterprise use cases. Some aha moments:
- The user's experience of "setting policy" is totally natural, as long as the AS provides value-add functionality like "approve pending requests for access" and "view and modify settings for people, apps, and data".
- Walking through the data, application, and contact views of current settings shows a lot of value in monitoring policy, again in a totally natural way.
- Leveraging OpenID Connect (or similar) and ID tokens where IdPs are shared makes for an extremely smooth experience for the user. No one bats an eye at double redirects anymore. Maybe we can convince some popular IdPs to become AS's on the strength of this.Â
- Even enterprise use cases can look good with standardized UMA (and proprietary or standardized policy) underneath, in terms of access requests and approvals.
Andrew notes: Cathy Tilton from Daon has a UX for user approval, which is pretty nice. We should compare notes and UXes. He also notes that the "pitch" in a recorded or live demo is that this should be characterized (for user-centric use cases) as a positive data-sharing console, rather than being all about access control. Only IT cares about access control! The business, and individuals, are all about "I want to share my stuff for my benefit."
AI: Maciej, Eve, and Andrew: Script and record a demo, of 5-7 minutes in length max. Consider making multiple demos, one for each audience: individual, IT, and personal cloud businessperson.
Binding Obligations revision plans
Dazza has offered to help on this doc!
AI: Thomas and Eve: Work with Dazza on Binding Obs progress.
Reinvigorate uma-dev list?
AI: Maciej: Check on the status of the old list.
Attendees
As of 18 July 2013, quorum is 6 of 11.
- Eve
- Andrew
- Alam
- Thomas
- Keith
- Domenico
- Sal
- Maciej
Non-voting participants:
- Susan
Regrets:
- Adrian
Next Meetings
- Focus meeting on Thursday, August 8, at 9am PT (time chart) - Blue Button+ initiative preso by Josh Mandel and Justin Richer
- Focus meeting on Thursday, August 15, at 9am PT (time chart) - Andrew regrets
Â