- IAWG received comments on the IAF Overview during the 45-day All Member and IPR Review. These comments are being considered for making changes to the document.
- Kantara Initiative members identified a number of instances where interpretation of SP 800-63 rev.3 requirements has proven to be challenging. In response to these challenges, IAWG developed five Implementation Guidance Reports. IAWG submitted these comments to NIST requesting that they review the reports and provide feedback as to the correctness of Kantara’s interpretation and therefore of its recommended action(s). It should be noted that, in the interests of progressing adoption and encouraging provision of services which meet the requirements of SP 800-63 rev.3, Kantara has adopted and is already applying the recommendations.
- IAWG approved the IAF Overview and it is undergoing a 45-day All Member and IPR Review. This document combines the current IAF Overview (IAF1000) and the IAF Glossary (IAF1100) into a single document.
- Work continues on overhauling the IAF Overview which will combine the current IAF Overview (IAF1000) and the IAF Glossary (IAF1100) into a single document. The new document will also be the IAF Overview but will have a new number IAF1050 to reflect that it is a combination.
- The Work Group's chair and vice-chair presented the specifications to the OAuth group (remotely) at the IETF 104 meeting in Prague, and several other UMA2 stakeholders were present in the room. Discussions are ongoing with the OAuth group leadership about when and how to do a call for adoption of the documents. The UMA Work Group chair plans to do an extended in-person Q&A session at IETF 105 in July in Montreal, in which there seems to be good interest.
- A plan is moving forward for reinvigorating the business model work and publishing a second report by September.
- Implementers are discussing how best to report out on interoperability testing work done to date at the Identiverse conference.
- The chair is doing an UMA 101 session by request at the upcoming IIW event.
- One or more profiles/extensions are expected to be contributed for discussion as potential work items shortly.
- Our meeting schedule in Q2 is lightened due to its being "identity conference season".
- During discussions on overhauling the IAF Overview, the IAWG decided to combine the IAF Overview (IAF1000) and the IAF Glossary (IAF1100) into a single document. The new document will also be the IAF Overview but will have a new number IAF1050 to reflect that it is a combination.
- On behalf of Kantara Initiative, IAWG submitted comments to DIACC on their Pan-Canadian Trust Framework (PCTF) Model Overview Discussion Draft V0.02.
- The Work Group has contributed the UMA 2.0 specifications to the IETF OAuth Working Group as Internet-Drafts, and is advocating that they be adopted as work items. Eve and Maciej (chair and vice-chair) will be presenting on the specs at the upcoming IETF 104 meeting in Prague in a couple of weeks.
- The Work Group has re-elected Tim Reiniger as our Legal Editor, and thanks Tim for his service! We have put our UMA business model work aside for the moment as we put our efforts into the IETF project.
- Interoperability is becoming a topic of greater interest, and we have been offered a short session at the Identiverse conference in June to present on interop testing results. We will be working out what to present over the next few months.
- Identos has the latest implementation appearing on our Implementations page.
- The Work Group continues its work on "decoupled" use cases.
- We have not yet published a draft of the business model mapping, but are working on it.
- We have started discussing some specifics of current IETF OAuth WG drafts and ways to comment on them, e.g. at the IETF 104 meeting.
- Revisions to the IAF Overview (IAF1000) continue. A draft has been sent to current Kantara Approved CSPs and their input has been received. The IAF Glossary (IAF1100) will be the next document to be revised.
- In the last couple of months, the Work Group has been reviewing the work of recent UMA2 implementers, the results of which – including profiling and extensions – can now be seen on the UMA Implementations page.
- The Work Group is considering "decoupled" use cases/flows (related to work being undertaken at the OpenID Foundation under the "CIBA" name), also known as "180 degrees", when the requesting party needs to come to trust the resource owner who is sharing resource access with them.
- Shortly we hope to consider some draft reports for business model use cases and technical artifact/legal device mappings based on work done earlier in the year.
- Updates to the SAC to accommodate challenges that have been encountered during assessments using NIST 800-63 Rev3 have been approved by an All-Member Ballot (October 27, 2018). These changes will be used by Assessors going forward.
- Revisions to the IAF Overview (IAF1000) continue. A draft has been sent to current Kantara Approved CSPs for their input. The IAF Glossary (IAF1100) will be the next document to be revised.
- The Group Charter has been endorsed by the Group and the current leadership team has been affirmed for another year.
Prepared with information provided by Jim Pasquelle (WG Chair)
- The Group is well on the way to reframing Consent in general.
- The hard work and persistent effort of several team members resulted in a demo around sharing consent receipt information. Many people have experienced the demo at several conferences. Andrew Hughes and others have excited people, many of whom have begun participating and contributing to the WG. Work continues to make improvements to the demo.
- Work on the demo has led to a series of high-level discussions around consent in general and how the WG would proceed with a feature set for a specification for the next release. These discussions have improved participants’ understanding and grasp of the language used around Consent Receipt, which will undoubtedly result in improving the next version of the Consent Receipt Specification.
From Keith Uber:
Yesterday as part of the Kantara session at Consumer Identity World Europe in Amsterdam, I presented the work of the WG and the interop demo, largely based on Andrew's prior presentations. The audience was maybe 30 or 40.
The presentation was well received. I got one question about what happens when consent is revoked - is there a receipt for that action?
Nixu approached me at the event and told me that they have implemented the CR spec for a customer prestudy. I have asked them to submit some mention of this work to the "known implementations" page of the wiki.
VP Customer Success, Ubisecure Inc
- Updates to the SAC to accommodate challenges that have been encountered during assessments using NIST 800-63 Rev3 have been developed and endorsed by IAWG. LC has, by a super majority vote, endorsed a zero day IPR review period. The changes are currently undergoing an All-Member Ballot expected to close Oct 27, 2018.
- Revisions to the IAF Overview (IAF1000) continue. The IAF Glossary (IAF1100) will be the next document to be revised.
The current chair, due to circumstances beyond his control, is resigning. One participant of the group (Scott Shorter) has proposed redirecting the DG to Smart Cities. He will assume the role of Chair if there is support for this direction. Failing support, the DG will be dissolved.
- The Work Group has learned that some implementers have begun doing interoperability testing among themselves, and so is beginning to coordinate more formal "matrix testing" (a scheme for which can be seen here, from the UMA1 era). We will also be seeing a demo of WSO2's new UMA2 implementation at our Oct 18 meeting.
- The WG is undertaking an analysis of resource owner and requesting party notification requirements coming from a variety of sources, partly related to Open Banking's "decoupled" needs.
- Some offline progress is being made on finding opportunities to test the UMA business model, associated with the Vermont PIPC law.