UMA telecon 2011-12-08

Date and Time

  • WG telecon on Thursday, 8 Dec 2011, at 9am PT (time chart) – Last telecon before webinar! Approve new I-D rev
    • Skype line "C": +9900827042954214
    • US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214

Agenda

  • Roll call
  • 2011 timeline review (see Next Meetings list below)
  • Approve minutes of 2011-11-17 and 2011-12-01 meetings
  • Webinar prep - very important!
  • Trust model subteam update
  • FAQ update
  • UMA core spec editing and issues status
    • I-D contribution plans - very important!
  • AOB

Attendees

As of 18 Nov 2011, quorum is 7 of 13.

  1. Bryan, Paul
  2. Catalano, Domenico
  3. Fletcher, George
  4. Hardjono, Thomas
  5. Machulak, Maciej
  6. Maler, Eve
  7. Moren, Lukasz
  8. Szpot, Jacek
  9. Wray, Frank

Non-voting participants:

  • Kevin Cox
  • Hoffmann, Mario

Regrets:

  • Mohammad, Alam
  • Morrow, Susan
  • Nederkoorn, Cordny

Minutes

New AI summary

  • 2011-12-08-1 – Eve – Open – Set up webinar dry-run meeting.
  • 2011-12-08-2 – Maciej, Lukasz, Mario – Open – Send draft webinar slide content by COB Friday.
  • 2011-12-08-3 – Eve – Open – Draft webinar slide deck by dry-run time.
  • 2011-12-08-4 – Eve – Open – Create a Fraunhofer AISEC FAQ from Mario's slide content.

Roll call

Quorum was reached.

Approve minutes of 2011-11-17 and 2011-12-01 meetings

Minutes of 2011-11-17 and 2011-12-01 meetings APPROVED.

Webinar prep

Don't forget to tweet, FB, and G+ the news! If you can, retweet the @UMAWG status update, so that it also simultaneously advertises that Twitter handle:

http://twitter.com/#!/UMAWG/status/144805389194629120

Planning to be on the webinar to present: Frank (which part?), Eve (intro), Maciej/Lukasz (SMART impl), Mario (Fraunhofer impl), Paul (why become a host: "distributed access management is hard") – also Sampo/Luk?

Planning to join the webinar live (vs. listen to the recording later): Thomas, Domenico, possibly George.

Let's plan on a webinar dry-run next Monday at 7am PT.

The use case explored by the Fraunhofer implementation is photo sharing. The SMART implementation is exploring a personal data store (PDS) use case.

  1. What is UMA and why do we need it? (Eve)
    1. Explain the major entities and parties but don't get into technical detail
    2. Explain the OAuth and OpenID Connect connections at a very high level
    3. Thank sponsors
  2. UMA use cases – including the use cases explored by the implementations? (Frank and Eve)
    1. hData – including requirements for high security plus dynamic party introductions
    2. G2C/FICAM/NSTIC – including trust model and trust framework implications
    3. Photo sharing – including Alice-to-Bob sharing implications
    4. Personal data locker/separation of IdP and (trusted) attribute providers – including personal data economy implications
  3. Why would an organization want to operate an Authorization Manager? – including Street Identity thoughts (Maciej)
  4. Why would an organization want to operate an UMA-enabled host app? (Eve and Paul)
  5. Implementation presentations
    1. SMART – in slides and live demo (Maciej and Lukasz)
    2. Fraunhofer AISEC – in slide form (Mario)
    3. Synergetics/TAS3? (Sampo/Luk?)
  6. Technical architecture
    1. Trust model in one slide (Domenico)
  7. Status and next steps
    1. IETF I-D
    2. Interop testing

FAQ update

Lukasz has begun to fill in a new SMART implementation FAQ. He'll fill this in over the next few days. A suggestion for a new question: Is SMART planning to add support for policies that work with more than just Facebook friend lists?

UMA core spec editing and issues status

Last week, the WG went through some issues.

Regarding issue #3, should the AM always return a policy URI regardless of whether the host is creating, reading, or updating a resource set? Lukasz says yes, and this is what SMART does. George describes it as a "pseudo-deep link into the AM". Do we have to say anything about this as a security consideration? We should make clear that the host MUST NOT expose this policy URI to anyone other than the user on whose behalf the resource set was registered, and the AM SHOULD NOT send policy URIs that expose in-the-clear policy details to the host. Thomas will incorporate all this. Let's now definitely close #3!
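An added sketch of the two requirements discussed for issue #3, not code from the UMA spec or from the SMART implementation: the AM hands back an opaque policy URI on every create, read, or update, and the host releases that link only to the user the resource set was registered for. All class, method, and field names, the `am.example.com` URL, and the opacity heuristic are assumptions of this example.

```python
import re
import secrets
from urllib.parse import urlsplit

OPAQUE = re.compile(r"^[A-Za-z0-9_-]{16,}$")  # assumed handle format

def is_opaque_policy_uri(uri):
    """Heuristic: HTTPS, no query or fragment, random-looking last segment."""
    parts = urlsplit(uri)
    handle = parts.path.rsplit("/", 1)[-1]
    return (parts.scheme == "https" and not parts.query
            and not parts.fragment and bool(OPAQUE.match(handle)))

class AuthorizationManager:
    """Hypothetical AM: returns a policy URI on every create/read/update."""
    def __init__(self, base="https://am.example.com"):
        self.base = base
        self._handles = {}  # (owner, resource_set_id) -> opaque handle

    def put_resource_set(self, owner, resource_set_id):
        # The handle is random, so the URI itself says nothing about the policy.
        key = (owner, resource_set_id)
        handle = self._handles.setdefault(key, secrets.token_urlsafe(16))
        return {"resource_set_id": resource_set_id,
                "policy_uri": f"{self.base}/policy/{handle}"}

class Host:
    """Hypothetical host: keeps each policy URI bound to the registering user."""
    def __init__(self, am):
        self.am = am
        self._links = {}  # resource_set_id -> (owner, policy_uri)

    def register(self, owner, resource_set_id):
        uri = self.am.put_resource_set(owner, resource_set_id)["policy_uri"]
        # Stricter than the AM-side SHOULD NOT; a choice made for this example.
        if not is_opaque_policy_uri(uri):
            raise ValueError("AM returned a policy URI that exposes details")
        self._links[resource_set_id] = (owner, uri)

    def policy_link_for(self, session_user, resource_set_id):
        """Return the deep link only to the user the set was registered for."""
        owner, uri = self._links.get(resource_set_id, (None, None))
        if owner is None or session_user != owner:
            return None  # same answer for "unknown set" and "not yours"
        return uri
```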

Regarding issue #8, Thomas will close the issue and incorporate the result. This closes Paul's related AI.

Regarding issue #16, can we just get away with continuing to say the host SHOULD register a permission? Let's do that, and wait for feedback from various implementers. Thomas will close the issue with no action.

MOTION by George, second by Frank: Submit the latest UMA core draft, as edited according to 2011-12-08 telecon instructions, as IETF I-D 02. APPROVED.

RSA plans

Thomas suggests an UMA get-together at RSA in February. Eve and Frank will also be around that week, and maybe others. Let's discuss at the next telecon.

Next Meetings

  • Webinar dry run on Monday, 12 Dec 2011, at 7am PT (time chart) – dial-in TBS
  • Webinar on Wednesday, 14 Dec 2011, at 10am PT (time chart) – Webinar! must register to attend live
  • WG telecon on Thursday, 15 Dec 2011, at 9am PT (time chart)
  • WG telecon on Thursday, 22 Dec 2011, at 9am PT (time chart)
  • NO WG telecon on Thursday, 29 Dec 2011 – Happy new year!