UMA telecon 2015-06-11

Owned by Eve Maler
Last updated: Jun 11, 2015
3 min read

UMA telecon 2015-06-11

Date and Time

Agenda

  • Roll call
  • Minutes approval
  • Quick hits:
    • Kantara virtual plenary June 23-24
    • UIG – new section
    • Charter revision status – we last revised it in Sep 2013 but forgot to update the official page till now!
    • A few new minor issues in GitHub
    • Anyone up for helping on Wikipedia edits?
  • Binding Obligations – what to call them? how to tie in with "receipts" and other artifacts? delve into primary use cases
  • Interop testing – create single Platonic ideal test writeup (next time Roland joins us – June 25 – 90 minutes)
  • AI review and AOB

Minutes

Roll call

Quorum was not reached.

Minutes approval

Deferred.

Charter revision

The Sep 2013 charter revision is now published.

AI: Thomas: Review the charter for potential revisions in this annual cycle.

AI: Marcelo: Review the Wikipedia page(s) for potential revision (multiple languages).

Binding Obligations discussion

We looked at some of the academic literature on "commitments". Aligning with current legal terminology would be favored over academic terminology. Mark notes that there are some legal obligations for consent, but outside of those, there's room for a lot of other types of consent – e.g., peer to peer. In the Consent Receipt work, "obligations" seems to be favored. In the dim past, we had discussed both "obligations" and "responsibilities" with Tom S. Last time we had a list of terms to think about; there are even more:

  • Participant agreements
  • Binding obligations
  • Consent receipts
  • Trust frameworks
  • Contractual frameworks
  • Trustmarks
  • Access federations
  • Legal implications for UMA (the oldest one)
  • Smart contracts (a new one on this list)

In private communication, Eve had essayed some definitions: "We can define a “receipt” as an audit trail or machine-readable artifact of a transaction. We can define a “consent receipt” as a receipt of a consent given — and now we can ask 'what is consent?' :-) This is often answered pretty clearly in law, it seems, for each deployment — e.g., implied or explicit consent when a person uses a website, clicks a button, etc."

Does our Binding Obs spec have the notion of acceptance and rejection of terms in sub-transactions? What we have so far has the structure: "[Clause ID]. When [protocol interaction takes place], the [obligated Subject] gains an obligation to the [expecting Subject] to [behave towards it in a particular way]." Consent Receipts are still in early days, but they're more about issuing an audit trail.

We keep talking about Alice and Bob. What about a system that is acting on behalf of an offline person? This could be done potentially with an autonomous service or web service client that minted a PAT or AAT with a client credentials flow.

Tim asks: Any objection to conceiving of a consent to access/use as a license to access/use? That sounds promising! It gives power to both sides and fits into some existing legal structures.

AI: Tim: Expound on the licensing idea in email.

AI review and AOB

Outstanding AIs:

  • AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
  • AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
  • AI: Sal: Fill out IDESG form to have UMA adopted as a recommended standard for use in the IDESG framework.
  • AI: Mike: Rework UIG section on organizations as ROs and RqPs.
  • AI: Eve: Update GitHub.
  • AI: Maciej: Write as many sections for the UIG as he can.
  • AI: Justin: Write a UIG section on default-deny and race conditions.

Attendees

As of 8 Jun 2015, quorum is 7 of 13. (Dom, Sal, Mark, Thomas, Andrew, Robert, Maciej, Eve, Mike S, Jin, Ishan, John, Chris, François)

  1. Eve
  2. Domenico
  3. Thomas
  4. Sal
  5. Francois Andry - Philips - works in healthcare - based in Bay area - in charge of healthcare device and service platform - using ForgeRock, including for UMA features

Non-voting participants:

  • Tim
  • Marcelo
  • Mark L.

Regrets:

  • Maciej