UMA telecon 2012-06-28
UMA telecon 2012-06-28
Date and Time
- WG telecon on Thursday, 28 June 2012, at 9am PT (time chart)
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540
Agenda
- Roll call
- Approve minutes of 2012-06-21Â meeting
- Feature test progress
- Review swimlane diagrams for accuracy and effectiveness
- UMA education and FAQ news
- Domenico talk
- Lots of FAQ proposals
- Spec/issues review
- AOB
Minutes
Roll call
Quorum was not reached.
Andrew is based in Victoria BC. He does midsize IAM integration consulting. He's working with the Province. He's been listening in on the IAWG for a while.
Approve minutes of 2012-06-21 meeting
Deferred due to lack of quorum.
Feature test progress
Eve and Trey are trying to schedule a time to meet to review the proposed tests.
Review swimlane diagrams for accuracy and effectiveness
On the Phase 1 diagram, add a section reference to explain the OOB provisioning of the AM location by Alice.
On the Phases 2/3 diagram, add two assumptions in the note block at the top: the UMA bearer token profile is in use, and Roger deserves the requested permission.
Should we add these diagrams to the spec somehow? Or at least we should put it in the wiki and put a non-normative reference to the diagrams in the spec. It's incredibly useful to have these as pedagogical tools.
Issue #56 discussion: standardized scope descriptions for well-known APIs?
Looking at the worked example in the spec, the ultimate point of #56 is to consider unilaterally publishing scope descriptions for well-known third-party scopes where they use OAuth to protect their APIs. Trey mentioned last week that Google's gcal uses URIs for scopes, so that's one existence proof. Obviously we can't publish UMA-style scope descriptions for those, since they already have APIs. But we'd like to create scopes for some other well-known API that currently uses plain-string scopes, such as Flickr or Netflix or someone.
In fact, if we're going to do this, shouldn't we at least make our own "protection" and "authorization" scopes (corresponding to the PAT and AAT) into URIs, which resolve to UMA-style scope descriptions? We agreed to do this in the spec, and likely to publish the scope descriptions at docs.kantarainitiative.org.
Our scope descriptions are indeed similar to partial XACML policies. Though we didn't have enough support to literally use XACML in UMA, we want to absorb any work that takes place around putting XACML into JSON-based form ("jacml" effort?). We'll keep an eye on this.
Attendees
As of 23 June 2012, quorum is 6 of 10.
Voting participants:
- Hardjono, Thomas
- Machulak, Maciej
- Maler, Eve
- Moren, Lukasz
Non-voting participants:
- Cox, Kevin
- Davis, Peter
- Hughes, Andrew
Regrets:
- Drake, Trey
- Fletcher, George
- Abeti, Riccardo
Next Meetings
- NO TELECON on Thursday, 5 July 2012
- Otherwise we'll meet in July as normal
Â