UMA telecon 2021-05-06
Date and Time
- Alternate-week Thursdays 10:00am PT
- Screenshare and dial-in: https://global.gotomeeting.com/join/485071053
United States: +1 (224) 501-3316, Access Code: 485-071-053
- See UMA calendar for additional details: http://kantarainitiative.org/confluence/display/uma/Calendar
- Approve minutes of UMA telecon 2021-04-22, UMA telecon 2021-04-29
- Profiles Discussion, relationship manager draft
Quorum was reached.
Pension Dashboard Update
Kantara is waiting to make a press release on this topic. Next steps, reach out and get latest versions of profile + design docs from PDP
This program has started to generate some new inbound requests/question about UMA! Asking about US implementation/deployments. Focus was financial/enterprise use-cases, not health care. UMA profile of FAPI anyone?
The topic of UMA + <other standard> continues to come up. (UMA + Openbanking, UMA + UDAP, UMA + SSI).
There has some very early interest for Kantara (and Direct Trust, EHNAC, SafeIdentity) to assess + certify UDAP solutions.
This re-raises the idea to create a UMA certification process/program.
Please feel free to update your entry with any developments or deployments! UMA Implementations
IIW Review and Thoughts
There is a lot of different communities and group to follow, all working on very similar (but different!) technology stacks, and very few in true production (beyond pilots).
On the Good Health Pass front, there has been some 'softening' of the SSI positioning such that it will also interop and trust x509 based certifications, not only DID registries. The use of certs + cert chains is exactly the technology used in the passports + their chips. mDL is also using x509/certs and achieving the same outcome of distributed trust. Single root (Root CA vs DID registry) that has distributed authority through (certification vs VCs). A major challenge is the ability of technology to be live & deployed, by the time tech solutions are available, the need has changed (contact tracing → testing → vaccines).
EU green cards or physical vaccination receipts will be the most ubiquitous way to demonstrate vaccination. For US Citizens re-entering US, the solution today is that the airline MUST ask for vaccination, and the traveller MUST answer accurately. No test result or quarantine requirements. The liability is on the traveller to answer accurately.
Profiles Discussion, relationship manager draft
Identos has started to implement parts of this profile, will have some api specs to share from this effort. Still looking to find some overlap with SSI and VC issuance, eg through https://mattrglobal.github.io/oidc-client-bound-assertions-spec/ . Through the impl, will not implement any of the authorization server management api, instead focus on the RS declaring available resources and letting Alice capture those resources as 'credentials', such that proof of ownership can be including the RPT/introspection. Giving the RS a mechanism to verify not only Alice's relationship to the AS, but also Alice's explicit approval of the RPT issuance.
As of October 26, 2020, quorum is 5 of 8. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve)