UMA telecon 2012-05-17

Owned by Former user (Deleted)
Last updated: May 17, 2012Version comment
2 min read

UMA telecon 2012-05-17

Date and Time

  • WG telecon on Thursday, 17 May 2012, at 9am PT (time chart) – Eve regrets – Thomas will chair, or Maciej if available
    • Skype: +99051000000481
    • US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

  • Roll call
  • Approve minutes of 2012-05-10 meeting
  • Eve regrets for May 24 – chair pro tem?
  • OAuth/IETF update
    • OAuth.next charter approved; includes dyn client reg
  • Interop update
    • OSIS wiki namespace created – thanks, Pam!
    • Those interested in creating feature tests (Cordny and who else?) please get in touch with Eve
  • Spec/issues review
    • RPT vs. permission endpoint discussion: need decision today (see last week's minutes for options)
    • AM-first requester discovery of and traversal to protected resources: could the AM present an OpenID Connect-inspired "UMA-protected discovery API" that reveals PR locations?
  • AOB

Minutes

Roll call

Quorum was reached.

Approve minutes of 2012-05-10 meeting

Minutes of 2012-05-10 meeting APPROVED.

Eve regrets for May 24 – chair pro tem?

(Not sure.)

OAuth/IETF update

Revised charter for OATH WG has been approved. The revised charter now includes the Dynamic Client Registration draft as a deliverable. Sal suggest we stay on top of this draft as the OATH-WG's use-case may be narrower than the UMA use-case.

Interop update

The OSIS wiki namespace for UMA's first interop has been created. If anyone is wanting to test features, get in touch with Eve.

RPT vs. permission endpoint discussion

(See last week's minutes for options.)

Lengthy group discussion. George asked why SAMRT-AM uses two endpoints. Lukasz explained the flow in the current SMART AM: 1) Requester must get AAT, then get RPT. 2) Only with the RPT can it get the permission ticket.

George mentions that in the two-endpoint approach, the requester must make a discovery of the endpoints. Lukasz explains that in SMART AM today, if the requester has no RPT, the host returns an error message plus the discovery endpoint at the AM (where the requester can discover the correct endpoint to get an RPT). So, George is correct in that some level of discovery is required.

Thomas asks Maciej about how difficult it would be to "update" the SMART AM code to reflect the current spec. Due to limited resources, it may not be possible to update the SMART AM implementation for several months. As it stands today the code is not open-source, but in the future it could be.

George points out that using two end points results in a slight change in behavior on the part of the requester, but he understands and is okay with this. He expects that it should not be too much effort to later change to the optimized approach.

Consensus: Thomas asks if there is any objection to moving back to the two-endpoints solution (ie. "SMART AM today"). No objections. So the group decision is to use the two endpoints.

Attendees

As of 16 May 2012, quorum is 5 of 9.

  1. Catalano, Domenico
  2. D'Agostino, Salvatore
  3. Drake, Trey
  4. Fletcher, George
  5. Hardjono, Thomas
  6. Machulak, Maciej
  7. Moren, Lukasz

Non-voting participants:

  • Foster, Allan

Regrets:

  • Maler, Eve

Next Meetings

  • WG telecon on Thursday, 24 May 2012, at 9am PT (time chart) – Eve regrets