UMA telecon 2022-09-08
Date and Time
- Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
- Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09
United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantarainitiative.org/confluence/display/uma/Calendar
Agenda
- Approve minutes since UMA telecon 2022-06-30
- Core UMA content (no use-case)
- FAPI discussion
- AOB
Attendees
- NOTE: As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
- Voting:
- Non-voting participants:
- Regrets:
Quorum: No
Meeting Minutes
Approve previous meeting minutes
- Approve minutes of UMA telecon 2022-08-11, UMA telecon 2022-08-25
- Deferred - no quorum
Topics
Core UMA content (no use-case)
FAPI discussion
AOB
Potential Future Work Items / Meeting Topics
- 100 FAPI Review (FAPI + UMA)
- scope: how the FAPI work could be applied to UMA ecosystems
- review may inform what profiling work is required, eg if UMA must support PAR to work with FAPI
- 20 Confluence clean up, archive old items and promote the latest & greatest
- 10 UMA glossary – Steve has started
- 600 Review of the email-poc correlated authorization specification
- 120 A financial use-case report (following the Julie healthcare template)
- either open banking or pensions dashboard
- openbanking is to FHIR(data model) as FAPI is to SMARTonFHIR(authZ protocol profile)
- Who would lead this/ needs this for UMA in open banking contexts? Should come after FAPI review?
- 300 mDL + UMA
- scope: how mDL could work in UMA ecosystems, how mDL could be a claim to UMA
- is there a role for UMA in token fabrication and referencing it as the RS?
- 500 UMA + GNAP https://oauth.xyz/specs/
- would we have an UMA GNAP version (eg extension of GNAP or UMA? UMAonGNAP)
- will GNAP meet all the UMA outcomes?
- 170 UMA + Verifiable Credentials
- how would VCs work in an UMA ecosystem? How could VCs be used as claims in UMA
- There are openapi specs for VC formats
- Could UMA protect a VC presentation or issuance endpoint?
- There's a lot of openid4vc profiles
- IDPro knowledge base articles
- UMA 2 playground/sandbox
- 150 Minor profiling work,
- resource scopes → scopes
- PAR as dynamic scopes eg fhir query params
- 110 pushed claims types: templates + profiles (beyond IDTokens): 171 VCs, 113 consent, policy, mDL
- use-case, consent as claims (needs_info),
- if the client has gathered RqP consent, can it be presented to the AS
- the policy to access a resource says "you must have agreed to this TOS/consent"
- compare to interactive claims gathering where the AS would present this consent/TOS to the RqP
- intersection with ANCR/consent receipt/trust registry work in other Kantara groups
- use-case, consent as claims (needs_info),
Upcoming Conferences
- IIW 35, November 15 - 17