UMA telecon 2011-02-03

Date and Time

  • WG telecon on Thursday, 03 Feb 2011, at 9-10:30am PT (time chart)
    • Skype line "C": +9900827042954214
    • US: +1-201-793-9022 | Room Code: 295-4214

Agenda

  • Roll call
  • Approve minutes of 2011-01-27 meeting
  • Action item review
  • New design principles
  • Scoped access
    • Discuss further issues related to scoped access
    • Review PDP/PEP model - what information should we require in communication between the host and AM?
    • Assign new AIs
  • Revised Claims 2.0 spec
  • AOB

Attendees

The roster says "As of 25 Jan 2011, quorum is 8 of 14" (but it should be 8 of 15; no effect on quorum requirements for this meeting).

  1. Susan Morrow
  2. Maciej Machulak
  3. Maciej Wolniak
  4. Lukasz Moren
  5. Thomas Hardjono
  6. Trent Adams
  7. Sal D'Agostino
  8. Christian Scholz

Non-voting:

  • John Bradley
  • Cordny Nederkoorn
  • Frank Wray

Regrets:

  • George Fletcher
  • Domenico Catalano
  • Eve Maler

Minutes

Roll call

Quorum was reached.

Approve minutes of 2011-01-27 meeting

Minutes of 2011-01-27 meeting APPROVED.

Action item review

Done.

New design principles

We will discuss the design principle around digital signatures next week - there is some concern regarding the wording and this requires commenting on the mailing list.

Scoped access

  • Discuss further issues related to scoped access
  • Review PDP/PEP model - what information should we require in communication between the host and AM?
  • Assign new AIs

We discussed scoped access and the flow between the host and AM during the token validation step - what information should be sent?

Options are:

  1. Should the host go to the AM with the token and information about which resource is being accessed, with the AM replying with a simple yes/no?
  2. Should the host go to the AM with the token only and be provided with information about the resource for which this token is valid, and the authorized actions?

The second option would fit well if we had both bearer tokens and JWT tokens, since in both cases the host would make the final decision on whether to grant access: the host is provisioned with information about the resource and the authorized actions, and can map that locally to the actual access request for a resource.
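A sketch of the two options, added here as an illustration and not taken from the working group or any UMA specification. All function names, the token value, the shared key and the grant layout are assumptions, and the signed token is a constructed stand-in for a self-contained token, not a real JWT.

```python
import base64, hashlib, hmac, json

# All names and values below are constructed for illustration.
AM_KEY = b"constructed-shared-key"   # assumed key known to the AM and the host
GRANTS = {"tok-abc": {"resource": "/photos/album1", "actions": ["read"]}}

def am_decide(token, resource, action):
    """Option 1: the AM decides; the host learns only yes/no."""
    g = GRANTS.get(token)
    return g is not None and g["resource"] == resource and action in g["actions"]

def am_describe(token):
    """Option 2, bearer token: the AM returns what the token is valid for."""
    return GRANTS.get(token)         # None for an unknown token

def am_issue_self_contained(grant):
    """Stand-in for a self-contained token: base64(payload) + '.' + HMAC."""
    body = base64.urlsafe_b64encode(json.dumps(grant, sort_keys=True).encode())
    sig = hmac.new(AM_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def host_read_self_contained(token):
    """Option 2, self-contained token: the host verifies and reads the grant."""
    body, _, sig = token.encode().partition(b".")
    expected = hmac.new(AM_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None                  # tampered or malformed: no grant
    return json.loads(base64.urlsafe_b64decode(body))

def host_enforce(grant, resource, action):
    """Host-side final decision, the same code for both token kinds."""
    return (grant is not None and grant["resource"] == resource
            and action in grant["actions"])
```

Under option 1 the host must disclose each requested resource and action to the AM; under option 2 it calls `host_enforce` on whatever grant it obtained and the AM never sees the individual request.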

Christian will discuss a scenario based on a real API (possibly Flickr) and will send it to the group for commenting. (Now DONE.)

Revised Claims 2.0 spec

We did not discuss the Claims 2.0 spec; deferred.

Next Meetings

  • WG telecon on Thursday, 10 Feb 2011, at 9-10:30am PT (time chart)
  • WG telecon on Thursday, 17 Feb 2011, at 9-10:30am PT (time chart) – during RSA conference
  • WG telecon on Thursday, 24 Feb 2011, at 9-10:30am PT (time chart)
  • WG telecon on Thursday, 3 Mar 2011, at 9-10:30am PT (time chart)