UMA telecon 2012-11-15

UMA telecon 2012-11-15

Date and Time

Agenda

  • Meeting reminders
  • Liaison activity
  • Podcast idea
  • Healthcare case study
  • Dynamic client registration draft review
  • Discussion of recent technical issues
  • Implementation and testing news
  • AOB

Minutes

New AI summary

  • AI: Eve with Maciej and Phil W: Write PDS/personal cloud case study.
  • AI: Eve: Send thoughts on requirements for solving the discovery problem to list.
  • AI: SMART team: Write proposal for discovery service and attribute schema metadata registration for protected resources. Due beginning of December.
  • AI: Eve to schedule a podcast recording time.
  • AI: Eve: Start thread online to gather dyn client reg comments from the UMA WG.
  • AI: Eve: Record new issues based on Gluu comments.
  • AI: Thomas: Edit spec according to 2012-11-15 telecon decisions.
  • AI: Eve: Update Implementations page to point to Gluu work.
  • AI: Keith and SMART team: Review the Gluu/OX UMA tests.
  • AI: Mario: Supply content to Neil McEvoy for e-magazine article. (Committed to in email prior to call.)

Meeting reminders

  • No meeting next week: US Thanksgiving holiday.
  • All-hands meeting the following week.

Liaison activity

We reviewed the discussion of last week: The group reviewed what happened at IIW and discussed how UMA could fit into the AXN; David Coxe had presented about this at IIW. Sal also reported on his liaisons with external groups. The PDS case study and opportunities to promote UMA in connection with it were also discussed.

Eve is already planning to ensure that we coordinate with Dave and Pam on UMA/AXN integration. This is going to need enhancement of our resource set registration protocol and some standardized attribute schemas. She'll propose a meeting in the first week of December.

Keith reports on his efforts to liaise with the new Attribute Management discussion group. It seems to have a strong connection to ID/Dataweb already, and ID/Dataweb already has a strong connection to UMA.

AMWG liaison

Podcast idea

It was suggested that we publish 10-minute podcasts that would make it easier for people new to UMA to understand what's going on. One idea is to start with an edited version of the webinar recording! Eve will try to play with that.

Healthcare case study

People need more time to read this material. Let's discuss in the Nov 29 all-hands meeting.

Dynamic client registration draft review

Justin Richer is now the primary editor of this spec: hurrah. Let's plan to review it in the Nov 29 all-hands call.

Discussion of recent technical issues

Yuriy of Gluu has been implementing UMA and brought up some questions.

Confusion around the use of UMA-style scopes for the OAuth-specific PAT and AAT scopes: Let's explain this better in the spec so that the confusion can be avoided. We are providing machine-readable metadata at the end of the URL, to illustrate how UMA would make scopes be more machine-readable, but this is not used by the OAuth security mechanism.
The lack of a single consistent outermost JSON property in the AM's response to a request for RPT status: It's proposed to add an outermost "rpt_status" property, whose value is empty if the RPT is invalid. We'll consider this, but it's still open.

Implementation and testing news

The Gluu/OX team is publishing its UMA code under the "MIT open source license". They have a few client-side UMA tests in the oxAuth-client library.

Mike has reported: "A GUI for the UMA tests would be really nice to have. OpenID Connect has one and so does the OX Graph project. I can volunteer seed.gluu.org to publish the tests, but we'd need to schedule some time to build the UI. Perhaps by year end we could do it." Keith expresses interest in following the test development work closely. We should try and ensure that the Gluu tests don't discriminate against UMA's "Alice-to-*" sharing use cases.

Attendees

  • Eve
  • Keith
  • Domenico
  • Lukasz
  • Maciej

Next Meetings

  • NO meeting on Thursday, 22 November 2012, at 9am PT - U.S. Thanksgiving holiday
  • All-hands meeting on Thursday, 29 November 2012, at 9am PT (time chart) - educational and all topics - agenda: Scalable Privacy, dyn client reg review, healthcare case study, podcast