- Alice visit's Bob's Organization(site/service) website
- Bob returns a notice that references a third party registry
- Alice is able to independently lookup Bob's notice from the registry
- Alice requests a notarized receipt from the registry, including Bob's notice and her Rights (eg the law's of the country she lives in)
- Alice includes this receipt in requests as she interacts with Bob's service
- Bob is able to use the receipt token to interact with Alice's information, either in requests for authorization/information (eg as a token/claim)
ANCR current state: documentation of the receipt: Bob's notice, Alice's rights assertion, the notarized ANCR receipt
Next steps: Getting ANCR receipt fields to be part of the ISO 27560 consent receipt 1.2 spec, publish within Kantara. Move from receipt definition to flows/protocol integrations
The receipt creates transparency for Alice to discover and understand the sites/services terms, controller, etc. Steps 1-5 would be part of a Browser/extension implementation and could be broadcasted through headers (for example). Alice could include in her notarized receipt where BOb's service could discover her information, eg her UMA Auth server or relevant resource locations.
From initial contact, Alice is able to monitor service term changes through the registry. The 'registry' doesn't necessarily need to be a 3rd party, the site itself could host this to achieve the transparency outcome. Self assertion like this can still reference third parties, who don't need to know about ANCR. For example in the UK there is a public business registry with the Controllers listed, the site itself can reference that endpoint.
Can a service be registered with multiple registries? yes
ANCR is having an off cycle meeting 1130(?) Monday. They usually meet Wednesday at 1030ET
Advanced Notice and Consent Receipt: Advanced Notice & Consent Receipt - ANCR-WG
Anyone attending HIMSS?
IDENTOS will have some representation there (not Alec), presenting their TrustSphere project in BC
Has Kantara ever provided funding support to attend/present posters/papers? Kantara is open for funding requests, if interested please reach out to Alec(or any WG chair) and they'll help with the request to the Leadership Council. Largely attendance have been self-funded
Relationship Manager - user stories
Last week we got into the details and questions around discovery. It may not need to be part of the core UMA AS function, and could be a 3rd service specification (with some intersection to the ANCR registry concepts)
Implementing the UMA spec is not enough, need to have use-cases to fill the gaps and details (and to 'get creative'). This has made interop challenging between implementations. There's a bunch of work around UMA that are required to show implementation. Maybe a simple interop profile around a use-case would allow us to show us working together. One example, who owns + stores the PAT. Communicating the handle (uri) from RO to RqP
Please welcome Kay Chopard as the new Kantara Executive Director!
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)