UMA telecon 2011-12-08

Date and Time

WG telecon on Thursday, 8 Dec 2011, at 9am PT (time chart) – Last telecon before webinar! Approve new I-D rev
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214

Agenda

Roll call
2011 timeline review (see Next Meetings list below)
Approve minutes of 2011-11-17 and 2011-12-01 meetings
Webinar prep - very important!
Trust model subteam update
FAQ update
UMA core spec editing and issues status
- I-D contribution plans - very important!
AOB

Attendees

As of 18 Nov 2011, quorum is 7 of 13.

Bryan, Paul
Catalano, Domenico
Fletcher, George
Hardjono, Thomas
Machulak, Maciej
Maler, Eve
Moren, Lukasz
Szpot, Jacek
Wray, Frank

Non-voting participants:

Kevin Cox
Hoffmann, Mario

Regrets:

Mohammad, Alam
Morrow, Susan
Nederkoorn, Cordny

Minutes

New AI summary

2011-12-08-1	Eve	Open	Set up webinar dry-run meeting.
2011-12-08-2	Maciej, Lukasz, Mario	Open	Send draft webinar slide content by COB Friday.
2011-12-08-3	Eve	Open	Draft webinar slide deck by dry-run time.
2011-12-08-4	Eve	Open	Create a Fraunhofer AISEC FAQ from Mario's slide content.

Roll call

Quorum was reached.

Approve minutes of 2011-11-17 and 2011-12-01 meetings

Minutes of 2011-11-17 and 2011-12-01 meetings APPROVED.

Webinar prep

Don't forget to tweet, FB, and G+ the news! If you can, retweet the @UMAWG status update, so that it also simultaneously advertises that Twitter handle:

http://twitter.com/#!/UMAWG/status/144805389194629120

Planning to be on the webinar to present: Frank (which part?), Eve (intro), Maciej/Lukasz (SMART impl), Mario (Fraunhofer impl), Paul (why become a host: "distributed access management is hard") – also Sampo/Luk?

Planning to join the webinar live (vs. listen to the recording later): Thomas, Domenico, possibly George.

Let's plan on a webinar dry-run next Monday at 7am PT.

The use case explored by the Fraunhofer implementation is photo sharing. The SMART implementation is exploring a personal data store (PDS) use case.

What is UMA and why do we need it? (Eve)
1. Explain the major entities and parties but don't get into technical detail
2. Explain the OAuth and OpenID Connect connections at a very high level
3. Thank sponsors
UMA use cases – including the use cases explored by the implementations? (Frank and Eve)
1. hData – including requirements for high security plus dynamic party introductions
2. G2C/FICAM/NSTIC – including trust model and trust framework implications
3. Photo sharing – including Alice-to-Bob sharing implications
4. Personal data locker/separation of IdP and (trusted) attribute providers – including personal data economy implications
Why would an organization want to operate an Authorization Manager? – including Street Identity thoughts (Maciej)
Why would an organization want to operate an UMA-enabled host app? (Eve and Paul)
Implementation presentations
1. SMART – in slides and live demo (Maciej and Lukasz)
2. Fraunhofer AISEC – in slide form (Mario)
3. Synergetics/TAS3? (Sampo/Luk?)
Technical architecture
1. Trust model in one slide (Domenico)
Status and next steps
1. IETF I-D
2. Interop testing

FAQ update

Lukasz has begun to fill in a new SMART implementation FAQ. He'll fill this in over the next few days. A suggestion for a new question: Is SMART planning to add support for policies that work with more than just Facebook friend lists?

UMA core spec editing and issues status

Last week, the WG went through some issues.

Regarding issue #3, should the AM always return a policy URI regardless of whether the host is creating, reading, or updating a resource set? Lukasz says yes, and this is what SMART does. George describes it as a "pseudo-deep link into the AM". Do we have to say anything about this as a security consideration? We should make clear that the host MUST not expose this policy URI to anyone other than the user on whose behalf the resource set was registered, and the AM SHOULD NOT send policy URIs that expose in-the-clear policy details to the host. Thomas will incorporate all this. Let's now definitely close #3!

Regarding issue #8, Thomas will close the issue and incorporate the result. This closes Paul's related AI.

Regarding issue #16, can we just get away with continuing to say the host SHOULD register a permission? Let's do that, and wait for feedback from various implementers. Thomas will close the issue with no action.

MOTION by George, second by Frank: Submit the latest UMA core draft, as edited according to 2011-12-08 telecon instructions, as IETF I-D 02. APPROVED.

RSA plans

Thomas suggests an UMA get-together at RSA in February. Eve and Frank will also be around that week, and maybe others. Let's discuss at the next telecon.

Next Meetings

Webinar dry run on Monday, 12 Dec 2011, at 7am PT (time chart) – dial-in TBS
Webinar on Wednesday, 14 Dec 2011, at 10am PT (time chart) – Webinar! must register to attend live
WG telecon on Thursday, 15 Dec 2011, at 9am PT (time chart)
WG telecon on Thursday, 22 Dec 2011, at 9am PT (time chart)
NO WG telecon on Thursday, 29 Dec 2011 – Happy new year!

Browser not supported