UMA telecon 2011-02-03
UMA telecon 2011-02-03
Date and Time
- WG telecon on Thursday, 03 Feb 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 | Room Code: 295-4214
Agenda
- Roll call
- Approve minutes of 2011-01-27 meeting
- Action item review
- New design principles
- Scoped access
- Discuss further issues related to scoped access
- Review PDP/PEP model - what information should we required in communication between the host and AM?
- Assign new AIs
- Revised Claims 2.0 spec
- AOB
Attendees
The roster says "As of 25 Jan 2011, quorum is 8 of 14" (but it should be 8 of 15; no effect on quorum requirements for this meeting).
- Susan Morrow
- Maciej Machulak
- Maciej Wolniak
- Lukasz Moren
- Thomas Hardjono
- Trent Adams
- Sal D'Agostino
- Christian Scholz
Non-voting:
- John Bradley
- Cordny Nederkoorn
- Frank Wray
Regrets:
- George Fletcher
- Domenico Catalano
- Eve Maler
Minutes
Roll call
Quorum was reached.
Approve minutes of 2011-01-27 meeting
Minutes of 2011-01-27 meeting APPROVED.
Action item review
Done.
New design principles
We will discuss the design principle around digital signatures next week - there is some concern regarding the wording and this requires commenting on the mailing list.
Scoped access
- Discuss further issues related to scoped access
- Review PDP/PEP model - what information should we required in communication between the host and AM?
- Assign new AIs
We discussed the scoped access and the flow between the host and AM during the token validation step - what information should we send?
Options are:
- Should the host go to the AM with the token and information about what resource is being accessed and the AM would reply with a simple yes/no?
- Should the host go to the AM with the token only and would be provided with information about the resource for which this token is valid, and the authorized actions?
The second option would fit well if we had both bearer tokens and JWT tokens since the host in both cases would make the final decision whether to grant access or not - in both cases the host is provisioned with information about the resource and authorized actions and can map that locally to the actual access request to a resource.
Christian will discuss a scenario n based on a real API (possibly Flickr) and will send it to the group for commenting. (Now DONE.)
Revised Claims 2.0 spec
We did not discuss Claims 2.0 spec; deferred.
Next Meetings
- WG telecon on Thursday, 10 Feb 2011, at 9-10:30am PT (time chart)
- WG telecon on Thursday, 17 Feb 2011, at 9-10:30am PT (time chart) – during RSA conference
- WG telecon on Thursday, 24 Feb 2011, at 9-10:30am PT (time chart)
- WG telecon on Thursday, 3 Mar 2011, at 9-10:30am PT (time chart)