Child pages
  • UMA telecon 2021-09-02
Skip to end of metadata
Go to start of metadata

UMA telecon 2021-09-02

Date and Time

Agenda

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Deferred


European Identity Conference

https://www.kuppingercole.com/sessions/4591/1 

UMA content for 15 mins spot: https://docs.google.com/presentation/d/1GdvHFYEPVpWT55nXZtkShCZ8RQC696KJ5oghlHJrnuU/edit#slide=id.g8dc579d6b5_0_528 


Practitioners familiar with OAuth, getting pushed to implement UMA-like flows on their OAuth Authorization Server

  • OAuth vs UMA, what is well solved by each. ← could we add 1 slide to this
  • There was an identiverse session, Jared Hansen → UMA lite
  • should we create this content in general for the wiki, will start getting this from other communities eg SSI
    • UMA + DID/VC


Minimal Interop Profile

To look at the UMA Grant side


Goal: make sure that AS's are interoperable , eg one AS can be 'swappable' with other ASs. Understanding of 'extras'/vendor specific values that degrade that interop. As an RS the more ASs I can support define the 'wide' ecosystem I can support


Scope of test

  • 1 AS under test
  • 1 Mock Client test suite
  • 1 Mock IDP for claims pushing

Input to Mock Client Test Suites

  • uma2 well-known
  • permission tickets ← how are they generated
  • claim tokens ← how are they generated
    • acceptable claim token
    • unacceptable claim token


Need to test the variations of the AS interface, however this required vendor specific configuration

There are way more required initial conditions to be setup at the AS, and the Client is validating that the expected result matches what happens

  1. Have many registered resources
  2. set specific policy settings against registered resources
  3. validate the AS executes the policy(s) correctly


Two Tables

  1. registered resource, specific policy ( pushing + token formats, interaction)
  2. permission ticket, expected flow


Test Setup Phase (Done by the AS operator)

  • pre-create many resources (static or however) 
  • set specific policy determined by the test suite against each resource
  • generating permission tickets for each test case → input to the Mock UMA Client


Test Cases (Table 2)

  • ticket with 1 resource, user interaction, denied
  • ticket with 1 resource, user interaction, rpt granted
  • ticket with 1 resource, claims pushing, denied
  • ticket with 1 resource, claims pushing, rpt granted
  • unknown ticket, result is invalid_grant
  • claims pushing, 3 required_claims, where any 1 pushed results in an RPT
  • claims pushing, 3 required_claims, where all need to be pushed to result in an RPT
  • claims pushing, 3 required_claims, where 2/3 need to be pushed to result in an RPT
  • claims pushing and gathering, 1 required claims and user interaction results in an RPT
  • claims pushing, after pushing claims, then interaction is required, 


needs_info, clarify optionals


Are there existing Kantara interop examples? Not really, there was some interop testing done for identiverse in 2017(?)
UMA1 Interop Features and Feature Tests




Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Andi
  2. Alec
  3. Domenico
  4. Steve

Non-voting participants:

  1. George
  2. Scott

Regrets:

  • No labels