UMA telecon 2011-07-28

Date and Time

WG telecon on Thursday, 28 Jul 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214

Agenda

Roll call
Approve minutes of 2011-07-07 and 2011-07-21 meetings
No meeting Thu Aug 4; Eve and Maciej regrets
Action item review
Review of publicity and webinar efforts
Review of ongoing news from Cloud Identity Summit and IETF81
Fraunhofer AISEC implementation news
UMA WG next steps
Discuss implementation best practices (start doc?)
Core protocol open issues
AOB

Attendees

As of 21 July 2011 (pre-mtg), quorum is 8 of 13.

Catalano, Domenico
D'Agostino, Salvatore
Maler, Eve
Morrow, Susan
Szpot, Jacek
Wray, Frank

Regrets:

Hardjono, Thomas
Machulak, Maciej
Moren, Lukasz

Minutes

Roll call

Quorum not reached. (Eve will need to get in touch with the new voting participants to ensure they know their attendance responsibilities.)

Approve minutes of 2011-07-07 and 2011-07-21 meetings

Deferred due to lack of quorum.

No meeting Thu Aug 4; Eve and Maciej regrets

PLEASE NOTE: No meeting next week!

Review of publicity, webinar efforts, Cloud Identity Summit, IETF81

We noted that Google+ is another channel we need to use to get the word out! We're also hopeful that Circles can eventually be used by authorizing users to control their UMA-based sharing. We don't think APIs are available yet.

The webinar was a great success, despite the audio difficulties. Don't forget to "like" and share the Facebook content! RWW posted their UMA article on their own Facebook page, and Frank followed up.

Eve had the opportunity to mention UMA to the new NIST Smart Grid group, and they expressed interest.

Thomas's news from IETF81: He had a chance to present UMA to the OAuth meeting. It seemed pretty well received, and there was interest in both considering it in the October timeframe when OAuth recharters, and also ensuring that the Kantara side would stop work on it if it got picked up in IETF.

Fraunhofer AISEC implementation news

We do have an uma-dev list, but it's not well used. Maybe now is the time to resurrect it, and from this, we can collect best-practice data.

UMA WG next steps

In the Sep/Oct timeframe, we anticipate both multiple independent UMA implementations (at least some open-sourced) so that they can be examined and used. We also anticipate active piloting and experimentation with OpenID Connect integration, in concert with John et al. Finally, the OAuth group will be considering new charter scope items by October.

So let's plan to revise our I-D up through that timeframe and put an emphasis on implementation considerations. And let's also plan to put a focus on healthcare use cases to vet our work. Sal expressed interest in helping Frank carry this forward.

Healthcare has interesting properties: both highly sensitive data and highly dynamic discovery of data. This is friendly to the OpenID Connect view of the universe, which needs "discovery-service-initiated" access to "claims". By contrast, UMA has been solving for "requester-initiated" access to "arbitrary resources". It could be said that claim assumes a very well known API (that is, semantics for accessing it) while its location may be late-bound (discoverable). By contrast, an UMA-protected resource has been assumed to have an early-bound location but possibly late-bound API. We think there's probably a way to "square" these two flows and two views of resources, making for a comprehensive solution for all options.

Core protocol open issues

Thomas hasn't had time to put the current list of issues into tracked form yet. Jacek will have more comments on the spec shortly.

Next Meetings

WG telecon on Thursday, 11 Aug 2011, at 9-10:30am PT (time chart)
WG telecon on Thursday, 18 Aug 2011, at 9-10:30am PT (time chart)
WG telecon on Thursday, 25 Aug 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214