UMA telecon 2012-04-26

UMA telecon 2012-04-26

Date and Time

  • WG telecon on Thursday, 26 Apr 2012, at 9am PT (time chart)
    • Skype: +99051000000481
    • US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

  • Roll call
  • Approve minutes of 2012-04-19 meeting
  • Upcoming meetings
    • No meeting next week
    • IIW 14 plans
    • Eve regrets for May 17 – chair pro tem?
  • Tweet chat #3 review
  • (Overdue) WEF event review from Maciej
  • Interop status
    • OSIS wiki namespace
    • Feature tests
  • Action item review
  • Spec/issues review
    • Coordinating changes based on 2012-04-05 meeting
    • Dynamic registration I-D status
  • AOB

Minutes

New AI summary

Thomas: Normatively xref to the Trust Model spec from the protocol spec and make the 2012-04-05 spec changes, getting input from Lukasz. Due by next Tuesday morning.

Roll call

Quorum was not reached.

Trey is from UnboundID. It's largely an infrastructure vendor for service providers and telcos, and they provide various aspects of identity management, including databases and higher-stack functions. His past included a lot of LDAP and UDDI work, and currently he works on SCIM. Their interest in UMA is about how carriers can manage release of user attributes.

Approve minutes of 2012-04-19 meeting

Deferred due to lack of quorum.

Upcoming meetings

  • No meeting next week
  • IIW 14 plans – Thursday afternoon "open meeting", Tuesday sessions of interest
  • Eve regrets for May 17 – chair pro tem? – Thomas is the default

Tweet chat #3 review

It was a success, though quieter than in the past. Interesting themes: trust model advertising, interop commitment, and potential carrier interest in location claims.

Let's consider the chat series concluded for now, and we'll do ad hoc ones or even weekly ones later when warranted.

Interop status

  • OSIS wiki namespace
  • Feature tests

Pamela is still planning to create that "UMA1" namespace. We'll develop feature tests after that.

Action item review

Domenico is pushing forward on the "triangle of trust" concept, and has drafted a short user guide that discusses what sort of accreditation system UMA deployers could participate in. Identity assurance plays a role.

Sal reviewed the Trust Model spec and has no significant comments at this time. One soft comment is that it's a little tricky to use the "levels of assurance" language. Should we switch to "levels of confidence" instead? At least soften the mention. Also, it's time to try out a normative reference to the Trust Model from the protocol.

Spec/issues review

  • Coordinating changes based on 2012-04-05 meeting

Trey has a greenfield on UMA development; they've already hardwired OAuth and OpenID Connect. We should put a premium on getting the protocol spec to absolute readiness for new developers as quickly as possible.

  • RPT endpoint question

We agreed to create a separate endpoint. The AM config data will need a change to add a rpt_endpoint. This makes the Authorization API be more interesting (smile), since it will have two whole endpoints.

This new endpoint just issues RPTs (and eventually could revoke them). This enables requesters to manage RPTs the way they wish: They could have more than one per "user-tuple", they could (eventually) revoke them if the user leaves the requester's service, and if they lose an RPT, they can get another one.

We'll need a new section between 3.4.3 and 3.4.4 (and related intro revisions) explaining that the requester needs to get an RPT before starting to add permissions to them.

Rationale: Treating the RPT much more like an OAuth-style token is better for future-proofing (like revocation) and doesn't prematurely optimize the UMA flow. There is a small performance hit in doing the extra back-channel call; we'll be listening for implementer and deployer feedback on whether there's heartburn over this.

We should get explicit feedback on this decision at IIW before implementing it.

As far as we know, our issues list doesn't have any other hugely high-priority items on it! Everyone please review and say if you think differently.

  • Dynamic registration I-D status

Thomas will update to remove discovery stuff, as desired by the OAuth folks.

Attendees

As of 25 April 2012, quorum is 6 of 10.

  1. Catalano, Domenico
  2. D'Agostino, Salvatore
  3. Drake, Trey
  4. Hardjono, Thomas
  5. Maler, Eve

Non-voting participants:

  • Nederkoorn, Cordny

Regrets:

  • Machulak, Maciej
  • Moren, Lukasz
  • Fletcher, George

Next Meetings

  • NO TELECON on Thursday, 3 May 2012 due to IIW
  • WG telecon on Thursday, 10 May 2012, at 9am PT (time chart)
  • WG telecon on Thursday, 17 May 2012, at 9am PT (time chart) – Eve regrets – Thomas will chair, or Maciej if available
  • WG telecon on Thursday, 24 May 2012, at 9am PT (time chart)