UMA telecon 2011-07-28
Date and Time
- WG telecon on Thursday, 28 Jul 2011, at 9-10:30am PT (time chart)
- Skype line "C": +9900827042954214
- US: +1-201-793-9022 (other int'l numbers) | Room Code: 295-4214
- Roll call
- Approve minutes of 2011-07-07 and 2011-07-21 meetings
- No meeting Thu Aug 4; Eve and Maciej regrets
- Action item review
- Review of publicity and webinar efforts
- Review of ongoing news from Cloud Identity Summit and IETF81
- Fraunhofer AISEC implementation news
- UMA WG next steps
- Discuss implementation best practices (start doc?)
- Core protocol open issues
As of 21 July 2011 (pre-mtg), quorum is 8 of 13.
- Catalano, Domenico
- D'Agostino, Salvatore
- Maler, Eve
- Morrow, Susan
- Szpot, Jacek
- Wray, Frank
- Hardjono, Thomas
- Machulak, Maciej
- Moren, Lukasz
Quorum not reached. (Eve will need to get in touch with the new voting participants to ensure they know their attendance responsibilities.)
Approve minutes of 2011-07-07 and 2011-07-21 meetings
Deferred due to lack of quorum.
No meeting Thu Aug 4; Eve and Maciej regrets
PLEASE NOTE: No meeting next week!
Review of publicity, webinar efforts, Cloud Identity Summit, IETF81
We noted that Google+ is another channel we need to use to get the word out! We're also hopeful that Circles can eventually be used by authorizing users to control their UMA-based sharing. We don't think APIs are available yet.
The webinar was a great success, despite the audio difficulties. Don't forget to "like" and share the Facebook content! RWW posted their UMA article on their own Facebook page, and Frank followed up.
Eve had the opportunity to mention UMA to the new NIST Smart Grid group, and they expressed interest.
Thomas's news from IETF81: He had a chance to present UMA to the OAuth meeting. It seemed pretty well received, and there was interest in both considering it in the October timeframe when OAuth recharters, and also ensuring that the Kantara side would stop work on it if it got picked up in IETF.
Fraunhofer AISEC implementation news
We do have an uma-dev list, but it's not well used. Maybe now is the time to resurrect it, and from this, we can collect best-practice data.
UMA WG next steps
In the Sep/Oct timeframe, we anticipate both multiple independent UMA implementations (at least some open-sourced) so that they can be examined and used. We also anticipate active piloting and experimentation with OpenID Connect integration, in concert with John et al. Finally, the OAuth group will be considering new charter scope items by October.
So let's plan to revise our I-D up through that timeframe and put an emphasis on implementation considerations. And let's also plan to put a focus on healthcare use cases to vet our work. Sal expressed interest in helping Frank carry this forward.
Healthcare has interesting properties: both highly sensitive data and highly dynamic discovery of data. This is friendly to the OpenID Connect view of the universe, which needs "discovery-service-initiated" access to "claims". By contrast, UMA has been solving for "requester-initiated" access to "arbitrary resources". It could be said that claim assumes a very well known API (that is, semantics for accessing it) while its location may be late-bound (discoverable). By contrast, an UMA-protected resource has been assumed to have an early-bound location but possibly late-bound API. We think there's probably a way to "square" these two flows and two views of resources, making for a comprehensive solution for all options.
Core protocol open issues
Thomas hasn't had time to put the current list of issues into tracked form yet. Jacek will have more comments on the spec shortly.