UMA telecon 2015-09-10
Date and Time
- Thu Sep 10, 9-10am PT
- Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#
- Screen sharing: http://join.me/findthomas - NOTE: IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
- UMA calendar: http://kantarainitiative.org/confluence/display/uma/Calendar
- Roll call
- Minutes approval
- Sample motion: Approve the minutes of UMA telecon 2015-09-03.
- Discuss any outstanding spec issues
- Consider approval of specs for 45-day Public Review
- Discuss and consider approval of IETF I-D publication
- If time, discuss Independent Submission plans
- If time, discuss UIG
Quorum was reached.
MOTION: Approve the minutes of UMA telecon 2015-09-03. APPROVED by unanimous consent.
Since the client already has to pass a state parameter, that can carry the burden of the ticket state anyway and enable the client to be stateless if it wants to be. It's good practice for the client to bind up the ticket into encrypted form in the state.
- Stand pat: Keep the AS requirement and change nothing else
- Keep the AS requirement and encourage the client to check it ("MAY") - Justin
- Keep the AS requirement and encourage the client to ignore it
- Soften the AS requirement, making it optional ("MAY"), and encourage the client to ignore it – and indicate that we intend to remove it in a later release - George, Mike, Maciej, Andi
- Remove it from the AS's response – not backwards compatible
Editorial instruction: Change to option #4 in the spec.
Mike and Justin have reviewed and are okay with it. We're fine.
Editorial instruction: Add "client's" to "the...request" at the end.
Editorial instruction: Instead of "Errors can occur at the OAuth level and the UMA level.", say "Both OAuth and UMA errors can occur.", and check for "level" throughout.
George and Mike are good with it. We're fine.
Formatting will be taken care of! Thanks, Maciej!
Claims-awareness as a concept
Claims-redirect-uri should be registered not just if client is claims-unaware, but if it anticipates being untrusted or needing to redirect rqp ever (appears multiple times)
Mention claims-unawareness and also untrustworthiness etc. in claims-redirect section?
Tiny editorial things
Smart quotes, UMA-configuration file path and https: mention need spanx, Add period to IPR statements in stylesheet, Sort Core references, Remove this from 188.8.131.52: An example of the use of these properties appears in Section 3.5.4, if we approve the docs for Public Review: change Status of This Document section and appropriate other metadata.
Editorial instruction: Excise claims-awareness and claims-unawareness language from the spec.
Consider approval of specs for 45-day Public Review
MOTION: Andi moves and Maciej seconds: Approve of the Core and RSR specs of 2015-09-09, as amended according to the instructions of UMA telecon 2015-09-10, for progression to 45-day Public Review. APPROVED by unanimous consent.
AI: Eve: Work with Jane C and the Kantara staff on the review process.
Discuss and consider approval of IETF I-D publication
Could be confusing to people as to what the canonical specification is. If we let the current I-Ds expire on October 6, then they have to come to Kantara for the latest specs.
On the other hand, having the UMA specs on the IETF site helps with marketing. Mike's experience with the Open Interconnect Consortium showed this.
No conclusion for now!
Can we press forward on this? Arlene can be one of our test readers.
Katie and Andi offer help.
Let's not meet next Thursday.
Upcoming meetings will have a theme of interop testing.
- AI: Thomas: Review the charter for potential revisions in this annual cycle.
- AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
- AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
- AI: Mike: Write SCIM protection case study to highlight client claims-based use case.
- AI: Maciej: Write as many sections for the UIG as he can.
- AI: Justin: Write a UIG section on default-deny and race conditions.
As of 10 Sep 2015 (pre-meeting), quorum is 6 of 10. (François, Domenico, Sal, Thomas, Andi, Robert, Maciej, Eve, Arlene, Mike)