UMA telecon 2011-12-01

Owned by Former user (Deleted)
Last updated: Dec 04, 2011Version comment
3 min read

UMA telecon 2011-12-01

Date and Time

  • WG telecon on Thursday, 1 Dec 2011, at 9am PT (time chart) – Eve regrets; vice-chair Maciej is chair pro tem (Thomas took the reins)
    • Skype line "C": +9900827042954214
    • US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214

Agenda

  • Roll call
  • 2011 timeline review (see Next Meetings list below)
  • Approve minutes of 2011-11-17 meeting
  • Action item review
  • Trust model user guide update
  • FAQ update
  • Webinar prep
    • Review and refine outline
    • Confirm demo/implementation participants
  • * UMA core spec editing and issues status
    • I-D contribution plans
  • AOB

Attendees

As of 16 Nov 2011, quorum is 7 of 12.

  1. Catalano, Domenico
  2. D'Agostino, Salvatore
  3. Hardjono, Thomas
  4. Machulak, Maciej
  5. Moren, Lukasz
  6. Szpot, Jacek
  7. Wray, Frank

Non-voting:

  • Cox, Kevin

Regrets:

  • Eve Maler
  • Paul Bryan
  • George Fletcher
  • Susan Morrow

Minutes

Roll call

Quorum was reached.

2011 timeline review

  • Monday 5 Dec at 1PM-EST: Trust Model ad-hoc call
  • Thursday 8 December: weekly UMA telecon.
  • Monday 12 December: dry run of Webinar.
  • Wednesday 14 December: Webinar day
  • Thursday 15 December: weekly UMA telecon.

Approve minutes of 2011-11-17 meeting

Deferred.

Action item review

FAQ on Wiki:

  • Paul & Susan absent.
  • Lukasz planning to update Wiki (covering Smart-AM) before the webinar.
  • Slides from Sampo could be converted for Wiki entry.

Trust model user guide update:

  • Group had a telecon on Monday this week to discuss Trust Model.
  • The group went through Domenico's slides.
  • User Guide remains "work in progress"
    • Next step is to put together a written guide as to how to deploy the model with an AM (eg. explaining delegated
      authority, etc).
    • Thomas suggest using the Health Case use-case to concretize. Folks agree.
    • The adhoc group will setup another telecon call (Mon 5 Dec).
    • Thomas to send Webex dialin info for Monday 5 Dec ad-hoc call.

Webinar prep

  • Prep and dry run scheduled for Monday 12 Dec.
    • Frank is taking the lead for preparing the Webinar.
    • List of Webinar presenters/demos:
      • Mario Hoffman
      • Lukasz
      • Sampo
  • Thomas to post Webinar invite/info on IETF OAUTH WG list.
  • Folks invited to send answers (to the Webinar questions below) to the UMA list:
    • Why would an organization want to operate Authorization Manager?
    • Why would an organization want to operate an UMA-enabled host app?
  • Frank will attempt to merge the answers into the slides for the webinar.

UMA core spec editing and issues status

Issue #3 [Thomas]

  • Thomas has added some text in Section 2.4.3.1 about policy URI.
  • Lukasz says that in Smart-AM the policy URI is returned by AM to Host also in the case of a READ and UPDATE commands. This answers Thomas's question to the list on 11/30/2011.
  • Thomas will added relevant text to Sections 2.4.3.2 and 2.4.3.3.

Issue #8 (Expiration field in permission ticket)

  • Deferred (waiting for Paul's comments on GitHub).

Issue #16 (Host must register permission?)

  • Deferred

Issue #24 (audit)

  • Group thinks audit is desirable feature for both the AM and the Host.
  • From UMA Minutes of 27-Oct-2011, George points out that this whole proposition only makes sense with our current opaque-token option.
  • Thomas added github comment yesterday that it would desirable if AM and Host could have a set of audit logs that when brought together could be synchronized (ie. for every token issued by AM, the Host can show a log of events relating to the token/requester).

Issue #25 (limiting claims demanded from AM)

  • Summary of issue (thomas): how to prevent the AM from asking claims about my Social Security Number (SSN) when I (as the requester) know that my access request does not need info about my SSN number.
  • Domenico: we need to understand better how OpenID-Connect addresses this matter (of AM asking too much attributes).
  • Perhaps a set of "cookie-cutter" (pre-published) set of attributes could be made known to the requester so that he/she knows in advance what answers is expected by the AM.
  • Domenico and Thomas to take AI to read the relevant OpenID-Connect specs.

Next Meetings

  • Trust model ad hoc on Monday, 5 Dec 2011, at 10am PT (time chart) – Thomas's WebEx
  • WG telecon on Thursday, 8 Dec 2011, at 9am PT (time chart) – Last telecon before webinar! Approve new I-D rev
  • Webinar on Wednesday, 14 Dec 2011, at 10am PT (time chart) – Webinar!
  • WG telecon on Thursday, 15 Dec 2011, at 9am PT (time chart)
  • WG telecon on Thursday, 22 Dec 2011, at 9am PT (time chart)
  • NO WG telecon on Thursday, 29 Dec 2011 – Happy new year!