UMA telecon 2013-05-30

Date and Time

  • All-hands meeting on Thursday, May 30, at 9am PT (time chart) - leadership elections: chair, vice-chair
    • Skype: +99051000000481
    • US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

  • (Get on join.me)
  • Roll call: quorum?
  • Leadership elections
    • Chair (nominees so far: Eve - others?)
    • Vice-chair (nominees so far: Maciej - others?)
    • Spec editor (is Thomas willing to stand again? others?)
  • CIS-timeframe plans
  • "Implementor's Draft" and interop plans for October/November
  • RS=C optimization opportunities
  • Authentication strength/assurance optimization opportunities
  • Review any other action items not already touched on
  • AOB

Minutes

Roll call

Quorum was reached.

Minutes approval

MOTION: Approve minutes of UMA telecon 2013-04-25, and read into today's minutes the notes from UMA telecon 2013-05-02, UMA telecon 2013-05-16, and UMA telecon 2013-05-23: APPROVED by unanimous consent.

Leadership elections

  • Chair (nominees so far: Eve - others?)
  • Vice-chair (nominees so far: Maciej - others?)
  • Spec editor (nominees so far: Thomas - others?)

MOTION and second: Re-elect Eve to chair, Maciej to vice-chair, and Thomas to spec editor roles respectively for another year: APPROVED by unanimous consent.

Assurance discussion and relying party guidelines

Andras gives an update: There was a multi-group thread on relying party guidelines. One goal is to reduce RP friction. Guidelines on what to do with user info that's been passed downstream have been part of the discussion. The IAWG discussed this today, and is planning to send out a call for participation for an ad hoc group to frame this challenge. It will collect successful and unsuccessful onboarding strategies, and a first round of use cases. It will write up a recommendation for the LC to advise on what path Kantara should take. Myisha is taking the lead. There's high interest. This would likely end up being a Discussion Group.

EIC report-out

Joni reports: At this EIC, there's been significant interest in its progress. Recall that Mario H presented a demo (which was recorded) last year. Perhaps unexpectedly, there's been considerable forward movement in the "Life Management Platform" efforts – it's the European incarnation of the personal cloud concept. They have a lot of transportation use cases, e.g. booking tickets for trains etc. There was an LMP track at the conference. In every session of that track, UMA was referenced as a potential core component for how to administer an LMP. Joni will make introductions to make sure that we follow up.

Domenico is preparing a blog entry on LMPs, which will be published next week.

Eve wonders: Is there a distinction with a difference between LMPs and personal clouds? We're not sure. Andrew notes that LMPs have been evolving along with VRM (Doc was at EIC) and personal clouds. (Eve points to this old blog post showing UMA's relevance to the intersection of all of the above, plus enterprise use cases.)

George notes that Drummond was discussing the "respect" angle on all this at IIW. There's delegation at the identity level that needs to be accomplished, at scale. Some people are taking the old OpenID V1.0 idea of personal identity assertion to new heights in a multi-server model. Eve points to Domenico's long history of work around true technical trust on which UMA relationships can be based. George and Sal express confidence that PKI/asymmetric key methods of technical trust may yet find success at scale, given new developments. Eve points to Gluu work on policy management, OpenID Connect-friendly authentication context, and centralized scope access management. Essentially, UMA is already proving that it has the technical underpinnings to support many expressed LMP/PC/VRM use cases. We'd like to take this further by optimizing usage with OpenID Connect in particular (and possibly other technologies such as XDI).

UMAWG Twitter handle

Eve, Sal, and Joni are willing to co-administer the UMAWG handle. We will set this up with the Meshfire tool.

CIS-timeframe plans

Eve has asked Mark Diodati for a room with a capacity of 10. Joni will approach Jeremy with the idea of an NSTIC-affiliated working meeting/summit at CIS and let us know; Eve will write a short abstract to help Joni make the case.

"Implementor's Draft" and interop plans for October/November

In addition to our nascent plans around an interop at the MIT event, Joni notes that there's a workshop being planned for Oct 29-31 in Amsterdam. It's early days for that. It's potentially a joint venture between Kantara, OASIS, and IEEE.

Securing space, securing funds, and doing education/outreach are all things the LC could help with. Eve needs to capture the scope and goals in her note to the LC.

RS=C optimization opportunities

Deferred.

GPII use case

Keith has shared a Cloud4all/GPII architecture overview. The Preferences Server could be a resource server fronting an authorization server. The overall architecture seems kind of heavyweight. However, Keith's pilot work is focusing simply on the needs/preferences data, protecting it, and governing access to it. The matchmaking capability is simply a necessary function given the use case: there needs to be a site/app/device/user capabilities intersection that's non-empty. Keith also reports that he has now logged in to the Gluu stack that Mike is making available for experimentation, and he's forwarded info about a Gluu webinar in their role as InCommon affiliate.

UMA open source

Publishing under an Apache license is free for anyone to do. But if you want to get code into one of the official projects, we're not sure. Joni notes that Kantara can help with the former process, using the Apache CLA. Andrew notes that Allan Foster is likely a good source of info.

Registration-time constraints on the resource server

Eve briefly described Alan Karp's request for UMA to specify tighter constraints on the resource server not to register any resource that Alice doesn't have a right to control access to. This is perhaps related to further downstream sharing on Bob's part, and perhaps to Domenico's suggestion around "right to be forgotten" handling. Let's add this to the issues list and discuss more fully next time; Eve will send out more info. This may also relate to the RS=C scenario.

Attendees

As of 16 May 2013, quorum is 6 of 10.

  1. Eve
  2. Maciej
  3. Keith
  4. George
  5. Domenico
  6. Sal

Non-voting participants:

  • Andrew
  • Joni

Regrets:

  • Thomas

Next Meetings

  • Focus meeting on Thursday, June 6, at 9am PT (time chart)
  • Focus meeting on Thursday, June 13, at 9am PT (time chart)
  • Focus meeting on Thursday, June 20, at 9am PT (time chart)
  • All-hands meeting on Thursday, June 27, at 9am PT (time chart) - George regrets
  • (No meeting Thursday, July 4 because of the US holiday) 
  • (No meeting – vs. potential F2F/summit during CIS – on Thursday, July 11?)