UMA telecon 2015-09-24
UMA telecon 2015-09-24
Date and Time
- Thu Sep 24, 9-10am PT
- Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#
- Screen sharing: http://join.me/findthomas - NOTE: IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
- UMA calendar:Â http://kantara.atlassian.net/wiki/display/uma/Calendar
Agenda
- Quick hits:
- Let's go back to our previous usual pattern of weekly "ad hoc" meetings and last-week-of-the-month "quorate" meetings
- Public Review status and outstanding comment review
- UIG review and next steps
- Interop and IIW planning
- AIs
- AOB
Minutes
Public review status
Please retweet the @UMAWG tweet about the public review!
Take a look at the new Release Notes document.
UIG status
For the Organizations as Resource Owners and Requesting Parties section, is there really that much to say? Mike's folks are developing a sample resource server and an UMA client in Python, and will use the client credentials flow. His use cases typically use this grant flow. This will be Hello, World level. The org=RO circumstance is always the case for Mike, but the RqP might be an org or a human.
For the Ensuring Resource Server Access to an Authorization Server When the Resource Owner Is Offline section, it's worth pointing out that the RO might not be a human at all, in which call "offline" isn't the right word. We might also want to mention "break glass" as a phrase specifically, since everybody knows this phrase. We don't want to burden developers with trust framework knowledge, but it might be a good idea to call out to the Binding Obs at this point, because it's around here that UMA protection might tip over into enterprise access management.
AI: Eve: Make edits to the Ensuring Resource Server Access... section.
AI:Â Andi and Zhanna: Please look at the section on optional and extension properties to see what might need an update to account for V1.0.1.
AI: Maciej: Review and correct the Redirecting the Requesting Party to the Client After Claims Gathering section.
AI: Maciej: Write up some recommendations for the RPT Refreshing section.
AI: Maciej: Try to find Justin's old recommendations for the Permission Ticket Management section.
AI: Eve: Ask Allan to write up why default-permit isn't a good idea.
Logistics
Next week, let's do a quick check-in on UIG status and Roland interop topics if possible.
Let's go back to our previous usual pattern of weekly "ad hoc" meetings and last-week-of-the-month "quorate" meetings. Â (LATER: Eve notices that the last week of October would be IIW, when we won't be having a meeting, so let's strive for reaching quorum on both Oct 22 and Nov 5 so we can handle Public Review issues and results.)
Previous AI status
- AI: Thomas: Review the charter for potential revisions in this annual cycle.
- AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
- AI:Â Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
- AI: Mike: Write SCIM protection case study to highlight client claims-based use case.
Attendees
As of 10 Sep 2015 (post-meeting), quorum is 6 of 11. (François, Domenico, Sal, Thomas, Andi, Robert, Maciej, Eve, Sourav, Arlene, Mike)
- Eve
- Arlene
- Maciej
- François
- Mike
- Domenico
Non-voting participants:
- James
- Katie
- Ishan
- Scott
- Marcelo
- Jin
Regrets:
- Thomas
Â