UMA telecon 2013-09-12

Date and Time

Agenda

  • Action item review
  • CrowdTilt / OX project status
  • Rechartering activity (see email)
  • Demo video progress:
    • Comments on rough-cut version for review (link coming shortly from Dazza)
    • Comments on PHealthCloud plans and use cases (see scripts)
  • SAML use cases (see email thread)
  • Interop planning
  • Dyn client reg status in the OAuth WG (George)
  • AOB

Minutes

Action item review

Done. See that page for details.

CrowdTilt / OX project status

The project tilted, and even more delightful, ForgeRock was a big funding participant. Gluu found a different set of developers: one for the OpenID Connect plugin and one for the UMA plugin. So the work is proceeding in parallel. This also ensured development redundancy and peer review of the code. There's the Apache plugin in C, and the client code. So there's an Apache-local process that will use a Java client. Even before the project tilted, they started on the OXD component, which is essentially finished. OXD is a mediator between the mod_uma component and the UMA server. Gluu is finding that its customers have trouble implementing APIs; the approach here is that a shim does all the work for people who are putting up web pages. The Location configuration file enables the Apache server to register protected resource sets. This is where OpenID Connect directives might also go. Policy evaluation in OX is able to leverage the OIDC user ID token. More info about the code is at ox.gluu.org. They're up to the 12th build.

Gluu is offering UMA protection as an option for its SCIM implementation, and also its "ID generation" service, which can generate UUIDs, IPv6, etc. Mike believes scopes will be standardized at the domain or federation level.

George comments that AOL has had lots of scenarios that involve Apache. He's keen for feedback on the complexity of deployment, where they've struggled. Mike notes that the operative model here was shibd, along with SiteMinder. shibd has proven to be scalable in higher education.

Rechartering activity (see email)

Questions: Does Kantara indeed focus on defining rules of engagement? Yes indeed! That's what the identity assurance framework effort is about. Would this mean that "protocol architecting" is out of scope? Without a context of preparing for technical and business profiling, now it probably would be, given this draft vision. Comment from Dan: This new greater focus on assurance makes him personally more likely to be engaged with Kantara! Eve notes that UMA's work already includes preparing the ground for technical profiling and business-level agreements, which is consonant with this new focus. Sal agrees and notes that now that UMA has more open-source implementations, we're entering into a new period anyway. So let's consider draft text that Thomas and Eve will put together, hopefully to approve by Sep 26 (one day after the deadline).

AI: Thomas and Eve: Propose draft charter update text, ideally on the wiki itself; Eve to let Heather know that we're targeting Sep 26, not Sep 25.

Demo video progress

  • Comments on rough-cut version for review (link coming shortly from Dazza)
  • Comments on PHealthCloud plans and use cases (see scripts)

It appears to be valuable (and brave?!) to split the demo videos the way we have (PCloud and PHealthCloud for starters). In PHealthCloud, the four scenarios of most interest seem to be patient-to-self, patient-to-doctor, patient monitoring (only) of identified health data, and monitoring of deidentified health data (e.g. CDC). Maybe this audience should get two different videos. The health use cases need entirely different language. The healthcare IT audiences will have completely different requirements.

The demo slides have a very important footnote that explains key UX and configuration impacts on the demo. Mark is working on a demo himself, so he's sympathetic with how we've shortened the login/SSO elements!

Interop planning

MIT-KIT, ISOC, and Kantara are tri-sponsoring the interop activity. This event may move to prior to the IETF meeting in Vancouver BC the following week, or it may move further out with planning done during this timeframe, or we could do an UMA-only interop event. Eve's not crazy about the latter.

SAML (and AS=C) use cases (see email thread)

Deferred. Let's ask Mark D to present to us on his work and use cases next time!

Dyn client reg status in the OAuth WG (George)

George reports: The email thread went around in circles. Tony Nadalin and Phil Hunt are going off to write a proposal. George isn't very sanguine about jamming all the solutions for all the use cases into one package. We shall see!

Attendees

  • Eve M
  • George F
  • Mark D
  • Mike S
  • Roland H
  • Adrian G
  • Yuriy Z
  • Thomas H
  • Dan
  • Sal
  • Domenico

Regrets:

  • Dave Coxe

Next Meetings

  • Focus meeting on Thursday, September 19, at 9am PT (time chart)
  • All-hands meeting on Thursday, September 26, at 9am PT (time chart)
  • Focus meeting on Thursday, October 3, at 9am PT (time chart)
  • Focus meeting on Thursday, October 10, at 9am PT (time chart)
  • Focus meeting on Thursday, October 17, at 9am PT (time chart) - Eve regrets, need chair pro tem
  • Focus meeting on Thursday, October 24, at 9am PT (time chart) - note that UK goes off summer time on Oct 27
  • All-hands meeting on Thursday, October 31, at 9am PT (time chart) - note that US goes off summer time on Nov 3
  • Interop event at MIT on Oct 31-Nov 1 (date and location may change)