Child pages
  • UMA telecon 2020-10-22

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Even dictating "required claims", we're sort of getting into the policy game a little bit. It seems like a slippery slope. And yet we don't think the RO really cares about the choice of language. An architecture where the AS would be a client of policy information points (PIPs) that could all speak the same policy language by agreement, even if the RO joined each pair together through OAuth in "protection API" fashion, would still be "paternalistic" rather than "self-sovereign" in outlook, though.   Our approach is intended to empower the RO more than that (and thus focuses on a client application the RO is able to choose).

We need to get clearer on our use cases/user stories. Our sample UX illustrated by Domenico doesn't (yet?) illustrate what happens if the client app interacts with multiple AS's. Can we construct user stories about what the RO wants to have happen when they have multiple AS's? multiple RS's (with resources that could be shared (and thus policy))? multiple RqP's necessitating sharing (and thus policy)? The answers to all this will dictate just what we need to solve in terms of policy and "required claims" interoperability. Alec is going to try to construct some.


As of October 22, 2020 (pre-meeting), quorum is 6 of 11. (Michael, Karim, Domenico, Mike, Peter, Sal, Gaurav, Thomas, Andi, Maciej, Eve)