UMA telecon 2017-06-29

Date and Time

Thursdays, 9-10am PT
- Screenshare and dial-in: http://join.me/findthomas
- UMA calendar: http://kantara.atlassian.net/wiki/display/uma/Calendar

Agenda

Roll call
Approve minutes of UMA telecon 2017-05-25, UMA telecon 2017-06-15
Public Comment/IPR Review period concludes on July 12 – please report any comments you have during this period
CIS trip reports
UMA V2.0 work:
- All GitHub issues for V2.0/dynamic swimlane (not updated to the spec refactor)/Release Notes/UIG/Wikipedia
- New editorial issues (trivial, regarding IANA registration matters) #329, #330, #331 – three responses from registrars have come back and four are pending
- New editorial issue #332 about whether PCT definitions for AS and client are sufficient for implementation – discuss?
- Release notes are getting fleshed out bit by bit
- IANA registration requests: status
Leadership team elections
- Terms expire June 23
- Nominations
- Elections (if quorum)
Upcoming meetings: Need to meet on July 6? Definitely meet on July 13 and shoot for quorum
- If no issues other than editorial by July 12, could have an edited spec ready for review July 13
AOB

Minutes

Roll call

Quorum was reached.

Approve minutes

Approve minutes of UMA telecon 2017-05-25, UMA telecon 2017-06-15: APPROVED.

Public Comment period

Public Comment/IPR Review period concludes on July 12 – please report any comments you have during this period.

Do we have any other comments coming from the "outside" through the officially published channel? Colin reports that no such comments have been received. An email reminder was sent out a few days ago, and more are coming.

Eve will start a social media campaign from the UMAWG handle today, through July 12. Please RT etc.

CIS trip report

Eve, Colin, Maciej, Mike, Justin, and others were there. The "Authorization: Age of UMA" approach communicated the Alice-to-Bob (Tony-to-Pepper) approach really thoroughly and seemed to have the right light touch that late in the conference. Maciej could testify that his wife, who was present, finally understood UMA for the first time after eight years! There were ways it didn't go into as much depth. But "CIS Twitter" did seem to appreciate it as a teaching device.

Colin notes that Kantara overall ended up having a "community area" near its booth, with ID.me, Gluu, etc. The pre-conference workshop went well. A very "agile" no-screenscraping pledge effort was put together; don't forget to go and sign up! IDpro.org is spreading its wings. Eve notes the Women in Identity effort and the corresponding #ZZAuth song.

At CIS, Eve made announcements about interest in interop testing and asked for people to contact her with interest in providing funding and other resources.

UMA 2.0 work

#332: Justin's article says succinctly: "If the authorization server chooses, the claims represented by the PCT can fulfill the policies set by the resource owner." But the closest we get in actually saying this directly, after building up a story in bits and bites, is in Grant Sec 3.3.4 in a Note where we say "Note: Claims and other information gathered during one authorization process may become out of date in terms of their relevance for future authorization processes. The authorization server is responsible for managing such relevance wherever information associated with a PCT, or other persistently stored information, is used as input to authorization, including policy conditions themselves." Can't we do better, from the beginning definition and throughout? It's not enough to say "optimizing" in the beginning without saying what that means and how it's accomplished. Mike notes that in Sec 3.3.3, "Such persisted claims will be represented by a PCT issued to the client in a subsequent step", the "will" part isn't strictly true if the client doesn't provide the PCT in the request.

There are a few challenges: The PCT discussion is spread out, and it's too oblique.

Mike notes that the example of redirect_user with a custom URI with a query parameter was helpful, and suggests extending the normative language describing it in Grant Sec 3.3.6 would be good. E.g.: "Providing a value in this response might be appropriate, for example, if the URI needs to be customized per requesting party with a query parameter."

AI: Eve: Add issue; look up the URI/reference/etc language to get this right.

Leadership team elections

MOTION: Re-elect Eve Maler as WG chair for an annual term, Maciej Machulak as WG vice-chair for an annual term, Domenico Catalano as Graphics and User Experience Editor for an indefinite term, and Maciej Machulak as Implementations Coordinator for an indefinite term. APPROVED by unanimous consent.

Meeting schedule and preparing for All-Member Ballot

Let's not meet on July 6. Let's try to meet on July 12 and see if we can make quorum to approve our Recommendations, ideally already edited if we get no huge substantive/troubling comments, so they can proceed to the Leadership Council for approval on July 19 (or in an electron ballot) to proceed.

Interop testing plans

ForgeRock will ship a platform release with UMA2 support in approximately October. Gluu should ready by then too. We should reach out to the KeyCloak guys around then.

Attendees

As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)

Domenico
Maciej
Eve
Mike

Non-voting participants:

Colin
John W
Thomas
Robert

Guests:

David Turner

Regrets:

Cigdem
Andi

Browser not supported