UMA telecon 2012-06-28

Date and Time

WG telecon on Thursday, 28 June 2012, at 9am PT (time chart)
- Skype: +99051000000481
- US: +1-805-309-2350 (other international dial-in lines available) | Room Code: 178-2540

Agenda

Roll call
Approve minutes of 2012-06-21 meeting
Feature test progress
Review swimlane diagrams for accuracy and effectiveness
- Phase 1
- Phases 2 and 3
UMA education and FAQ news
- Domenico talk
- Lots of FAQ proposals
Spec/issues review
- #56: Standardized scope descriptions for well-known APIs
  - Follow up from last week, briefly
  - "JACML" an option?
- #58: Specify how to write UMA profiles
  - Follow up from last week, briefly
- Which additional UMA token profiles are most needed next? (related to issues #14, #24, #50, #51)
AOB

Minutes

Roll call

Quorum was not reached.

Andrew is based in Victoria BC. He does midsize IAM integration consulting. He's working with the Province. He's been listening in on the IAWG for a while.

Approve minutes of 2012-06-21 meeting

Deferred due to lack of quorum.

Feature test progress

Eve and Trey are trying to schedule a time to meet to review the proposed tests.

Review swimlane diagrams for accuracy and effectiveness

On the Phase 1 diagram, add a section reference to explain the OOB provisioning of the AM location by Alice.

On the Phases 2/3 diagram, add two assumptions in the note block at the top: the UMA bearer token profile is in use, and Roger deserves the requested permission.

Should we add these diagrams to the spec somehow? Or at least we should put it in the wiki and put a non-normative reference to the diagrams in the spec. It's incredibly useful to have these as pedagogical tools.

Issue #56 discussion: standardized scope descriptions for well-known APIs?

Looking at the worked example in the spec, the ultimate point of #56 is to consider unilaterally publishing scope descriptions for well-known third-party scopes where they use OAuth to protect their APIs. Trey mentioned last week that Google's gcal uses URIs for scopes, so that's one existence proof. Obviously we can't publish UMA-style scope descriptions for those, since they already have APIs. But we'd like to create scopes for some other well-known API that currently uses plain-string scopes, such as Flickr or Netflix or someone.

In fact, if we're going to do this, shouldn't we at least make our own "protection" and "authorization" scopes (corresponding to the PAT and AAT) into URIs, which resolve to UMA-style scope descriptions? We agreed to do this in the spec, and likely to publish the scope descriptions at docs.kantarainitiative.org.

Our scope descriptions are indeed similar to partial XACML policies. Though we didn't have enough support to literally use XACML in UMA, we want to absorb any work that takes place around putting XACML into JSON-based form ("jacml" effort?). We'll keep an eye on this.

Attendees

As of 23 June 2012, quorum is 6 of 10.

Voting participants:

Hardjono, Thomas
Machulak, Maciej
Maler, Eve
Moren, Lukasz

Non-voting participants:

Cox, Kevin
Davis, Peter
Hughes, Andrew

Regrets:

Drake, Trey
Fletcher, George
Abeti, Riccardo

Next Meetings

NO TELECON on Thursday, 5 July 2012
Otherwise we'll meet in July as normal

Browser not supported