Child pages
  • UMA telecon 2020-07-23
Skip to end of metadata
Go to start of metadata

UMA telecon 2020-07-23

Date and Time


  • Approve minutes of UMA telecon 2020-07-09, 2020-07-16
  • Webinar report
  • New profiles
    • Resource definition profile
    • Wallet profile
  • AOB


Roll call

Quorum was reached.

Approve minutes


New profiles

  • Resource definition profile status
  • Wallet profile

We should be driving towards revised spec text, ideally putting it into GitHub.

Last week, folks concentrated on the ASCII "spiral" diagram and draft spec text. Alec has a new draft diagram to try on us.

In the original UMA diagram, "manage" and "control" are out of scope. Alec is proposing that we bring these functions in scope. He states this explicitly by saying that he's specifying the "management and control interfaces". In UMA1 we used to call this Phase 1 vs. Phase 2. Now we think of this as the grant mechanism and the federated authorization mechanism, which is modular and optional with respect to grant. Is the wallet extension/profile modular and optional with respect to federated authorization? Alec illustrated it with a concentric Venn.

Since "wallet" is such a fraught term, calling it something else, ideally descriptive, could help us get beyond the challenge that it means something really specific elsewhere. What about "relationship manager"? That goes back to our roots. Eve asks everyone to think about what could be a good name that would serve us, for now, in a spec. Maybe something around the fact that we are finally standardizing the user side of the management and control interface (ironic that we are finally doing something about deeply standardizing "user management of access", eh?).

The cascading authorization server notion, which Pauldron implemented, bears some similarity to this idea. It has a "principal AS" within a specific domain, and a secondary AS that is RO-controlled. However, that original notion was intended to explicitly empower (in a sense) the AS against the RO's wishes, rather than to privacy-enhance the AS to protect the RO.

FHIR meetup

For those interested in HealthCare, Nancy provides this three-hour video from the FHIR meetup:

She suggests checking out at least the first half-hour. It is important to understand the perspective of the HL7 security group as they will be moving this along in Healthcare as the recognized experts. She also points to this FHIR chat (anyone can get a login). Nancy recommends that UMA's perspective be represented here. HEART came up, a little bit. Justin presented. Our webinar content could usefully be presented here.

Here is info on the video structure (original here):

Overview of fine-grained authorization approaches in FHIRJosh Mandel15minSlides here
Access control in aidboxNikolai Ryzhikov15minSlides here
XYZJustin Richer15minSlides here
An ABAC Architecture ApproachMatthew Tyler15minYes, can't share yet
Classification and LocalityChris Grenz15minSlides here
FHIR Data Segmentation for Privacy IGKathleen Connor15min
Parameterized compartmentsMichael Hansen15minSlides here

AI: Nancy: Find out how we get onto the agenda of the next HL7 meetup or the next appropriate gathering. Adrian also suggests reaching out to Josh. Nancy suggests also John Moehrke, Kathleen, and Graham.

We will, in the meantime, figure out the right content to present.

Webinar report

Alec reports pretty good attendance and some really good questions afterwards. Colin thought the content flowed well and was pitched just right. It was at the right technical level and had a relaxed tone. Nancy attended and thought it was great too. People can find the recording on the Kantara site's Resources area (Adrian says Safari is a better browser than Firefox due to a bug that's being worked on). The FHIR folks could handle more technical detail than was provided.


As of July 8, 2020, quorum is 6 of 10. (Michael, Domenico, Peter, Sal, Gaurav, Thomas, Andi, Maciej, Eve, Mike)

  1. Michael
  2. Domenico
  3. Sal
  4. Thomas
  5. Maciej
  6. Eve

Non-voting participants:

  • Colin
  • Alec
  • Nancy
  • George
  • Adrian
  • Anik
  • Lisa
  • Patrick
  • Bjorn
  • No labels