UMA telecon 2015-04-30

Date and Time

Agenda

  • Roll call
  • Minutes approval
  • Binding Obligations ad hoc report/review
  • Personal discovery discussion/next steps
  • Webinar planning and advertising: webinar is May 14 during usual telecon time!
  • AOB

Minutes

Roll call

Quorum was reached.

Minutes approval

MOTION: Approve the minutes of UMA telecon 2015-04-16. APPROVED by unanimous consent.

Binding Obligations ad hoc report/review

We're not sure if all who are interested are getting the notifications, so we recommend sending them to the whole list.

One question in this general area: Are we paying any attention to the cyberinsurance area? Is that worth a Kantara DG, perhaps? Adrian is looking for benchmarks for privacy-preserving and security technologies. Would that field provide monetary metrics/valuation around this? Mike observes that UMA might or might not ameliorate a person's risk, and it's implementation-dependent. CISWG is another place where risk could be mitigated: a company gets a safe harbor by getting a receipt.

Personal discovery discussion/next steps

George walked us through his swimlane that proposes how to use UMA to protect a webfinger-based discovery service. In his scenario, a patient walks into a doctor's office, where the office app (autonomous?) is an UMA client, starting out without credentials, and the discovery service is an UMA RS. The client has to dynamically register for credentials. As an optimization – assuming that any access controls applying to discovery of the resource also apply equally to the resource itself – the JRD can reveal either something like a standalone RPT that the client can present at the actual resource, or maybe claims that can be presented to get access to the resource, or something similar.

Adrian notes that patient matching is a huge issue, and this swimlane potentially solves some big challenges. However, it uses "foreign language" with respect to patient ID and such. Where is the identity perspective in this picture?

What's the right forum and form for doing something about this? Is it a profile where UMA protects webfinger? Is it the UMA WG? A number of events are coming up, such as EIC and CIS, where we could push this forward. Should we hold BOFs? Maybe this should be a high-priority wishlist/backlog item. Andi notes, with his CIS hat on, that there's an opportunity for people to do this there. And George is doing a talk on exactly this, so a BOF right after would be perfect.

Webinar planning and advertising

Joni is publishing a press release on the occasion of the V1.0 publication of the UMA Recommendations. All those on the WG who wish to have a quote published as part of the blog post containing the press release should submit the quote to her by Monday morning. Eve, Maciej, and Thomas (being the leadership team) can submit quotes for the short pushed press release.

Eve and Maciej will draft webinar content while at EIC together next week.

We got our budget request for test suite development approved! The board asked us to ensure that Kantara branding goes along with the test suite and testing. Does it make sense to think about interop (or conformance-to-Roland) testing outreach in the Q4 timeframe? Mike prefers the conformance approach vs. cross-matrix interop testing. Jin agrees. Sal agrees too. Eve suspects that the natural order of things is conformance testing -> errata collection -> spec revision -> Independent Submission.

AIs

Outstanding AIs:

  • AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
  • AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
  • AI: Sal: Fill out IDESG form to have UMA adopted as a recommended standard for use in the IDESG framework.
  • AI: Mike: Rework UIG section on organizations as ROs and RqPs.
  • AI: Eve: Edit UIG (Mike's input, Zhanna/Andi's input).
  • AI: Eve: Update GitHub.
  • AI: Maciej: Write as many sections for the UIG as he can.
  • AI: Justin: Write a UIG section on default-deny and race conditions.
  • AI: Eve: Send suggested updates to Will at Gluu for English page updating, and to Domenico for Italian page updating, and to Rainer for hoped-for German page updating, and to Riccardo Abeti for the Spanish page, and to Mark for a Dutch translation.

Attendees

As of 23 Apr 2015, quorum is 8 of 15. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike S, Jin, Ishan, Ravi, John, Mike F, Chris)

  1. Eve
  2. Chris Shawn - works for US VA in healthcare security and compliance requirements
  3. Andi
  4. Mike S
  5. Domenico
  6. Maciej
  7. Ishan
  8. Sal
  9. Jin

Non-voting participants:

  • Rene Mulder - IAM architect in NL - also in IRM WG
  • Colin
  • Zhanna
  • Jin
  • Marcelo
  • George
  • Adrian