UMA telecon 2012-09-20
UMA telecon 2012-09-20
Date and Time
- Focus meeting on Thursday, 20 September 2012, at 9am PT (time chart) - trust
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540
Agenda
- Review legal/trust-related open AIs
- Opportunities at IIW XV: Oct 23-25
- Review Binding Obligations document, starting with section 2
- AOB
Minutes
Review legal/trust-related open AIs
Opportunities at IIW XV: Oct 23-25
Review Binding Obligations document, starting with section 2
Instead of "gains" throughout, say "undertakes" or "is bound by". The former is stronger and in the active voice.
R1a. If an RP is given access accidentally, it may never have been informed about obligations that this party would need to take on, and thus it hasn't undertaken the promissory obligation. This model is about consent, not notice. Also, note that the obligation is "late-bound" and doesn't apply until access is actually granted. The consent is a lightweight form of "signing". Without the requesting party providing more identification claims, it's lightweight to the point of being similar to clicking on an "I Agree" button in an anonymous browsing session. (Add this to the comments on the clause.) Should we add "an obligation to the Authorizing Party to adhere to promises it made in order to get access authorization granted to that resource"? It doesn't seem necessary because you can have an HTTP audit log trail of request and response messages that name the resource in question.
R1b. This is kind of an "axiom" promise that comes with UMA. Is it fair to impose this on an requesting party? Said another way, you can't delegate a right you don't have. Should this be done only at the layer of promissory claims rather than building it in here? Can we see a use case for Bob to legitimately delegate some sort of access to Carlos that Alice has, but that Bob himself wasn't granted? Maybe he could do it if Alice gave him some sort of superuser/admin right. This is a fundamental issue in licensing law. Is the set of licensing rights "opt-in" or "opt-out" in the sense of listing everything possible or everything impossible? Dazza will share some relevant stuff about tos;dr on the list. Let's consider dropping R1b in our next convo.
Attendees
- Thomas
- Alam
- Eve
- Kevin
- Tom
- Maciej
- Dazza
- Sal
Regrets:
- Domenico
Next Meetings
- All-hands meeting on Thursday, 27 September 2012, at 9am PT (time chart)
- Focus meeting on Thursday, 4 October 2012, at 9am PT (time chart) – educational
- Focus meeting on Thursday, 11 October 2012, at 9am PT (time chart) – interop
- Focus meeting on Thursday, 18 October 2012, at 9am PT (time chart) – (hold telecon during IIW?)
- All-hands meeting on Thursday, 25 October 2012, at 9am PT (time chart)