UMA telecon 2013-06-20

Date and Time

  • Focus meeting on Thursday, June 20, at 9am PT (time chart)
    • Skype: +99051000000481
    • US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

  • (Get on join.me)
  • Action item review
  • CIS plans
  • Research on, around, related to, etc. UMA
    • Multiple owners
    • Binding obligations
  • XACML presentation next week
  • GPII early-phase news
  • Issue #83 (see last week's notes)
  • Issue #67: RS=AS (OAuth-like colocation)
  • Issue #?: RS=C
  • Review proposed "ox" claim profile
  • Discuss testing needs: test harness? other?
  • AOB

Minutes

Domenic is new to our table. He recently joined Accenture's IdM and policy space. They're looking at attribute-based policies for managing access to Medicare and Medicaid systems. They're thinking UMA's approach may be viable for patient and beneficiary data access management.

Action item review

Done. See the page for updates.

CIS plans

Come one, come all! We'll try and get a dial-in and a room. Dave Coxe, Ken Klingenstein, Roland H, the Respect/XDI folks, UMAnitarians, and others will be in attendance. Eve's classic example of what we want to optimize: The old OpenID 2.0/OAuth 1.0 inefficiency around two sets of double redirects. This is exactly the area where Maciej and team have done some optimizations, with proactive token distribution. They'll present next week on this.

Research on, around, related to, etc. UMA

  • Multiple owners: A researcher, Artur Toltenco, is working on mutual ownership, e.g. a wife and husband who both have a joint banking account. We're working with him to explore UMA implications of solving this. George comments that this could help meld the world of web resources and the "Internet of Things" (IoT). Can the RO effectively be the resource, with the administrators of the resource being people? The self-owned resource (e.g., a car or an iPhone) could delegate authorized access (e.g., "can use their iPhone to start me" or "can use me to start the car" (smile)) to the administrators and operators of the thing (e.g., George and his wife). Classically, middleware solutions would enable a group to be the owner of a resource. We have made some simplifying assumptions that take the solution pretty far. But if the AS is confused about conflicting policies over the "same resource", or if the RS is confused about conflicting ROs over the "same resource", then at a minimum we'd have some work to do.
  • Binding obligations: An NCL researcher specializes in this area! See his IEEE paper "A Model for Checking Contractual Compliance of Business Interactions". This relates to our issue 63 (Audit logs to support legal enforceability). We can imagine a Contract Compliance Checker that functions as an online service run by a trust framework provider, to which events are thrown (e.g.).

XACML presentation next week

Hal Lockhart says: "I have recently published to the OASIS XACML TC and the OpenAz Project, the outline of a scheme which would allow a fully generalized form of OAuth Scope to be represented by means of XACML policies." He will present it to us next week.

Optimization opportunities

  • Issue #67: RS=AS (OAuth-like colocation)
  • Issue #?: RS=C
  • Issue #?: AS=C

Lengthening meetings again

Should we lengthen the meetings to 90 minutes? Let's consider it.

Attendees

  1. Eve
  2. Andrew
  3. Mark
  4. George
  5. Keith
  6. Domenico
  7. Thomas
  8. Sal 
  9. Maciej
  10. Domenic DiLullo

Next Meetings

  • All-hands meeting on Thursday, June 27, at 9am PT (time chart) - George and Thomas regrets; Hal Lockhart presentation; GPII demo; Cloud Identity OO preso
  • (No meeting Thursday, July 4 because of the US holiday) 
  • No meeting – vs. potential F2F/summit during CIS – on Thursday, July 11? - Eve, Andrew, George, are attending CIS