UMA telecon 2018-12-20

(Many thanks to Domenico for his many years of awesome graphics!)

Date and Time



Roll call

Quorum was not reached.

Meeting logistics

If you subscribe to the Kantara calendar, updates there (which Eve will do shortly) should simply show up. If you are a non-voting participant and wish to receive an invitation (through your email address so that it goes on to your preferred calendar) in addition to your subscription to the Kantara calendar, let Eve know.

Approve minutes


Reminder: Identiverse call for presentations is open till Jan 11

Your holiday break is the perfect time to write those proposals! Don't think in terms of "the single UMA talk" or whatever. Implementation details are awesome. "Forward-thinking" / "theoretical" can be considered as well. Particularly if you're new to all this, you can reach out to Andi (see the email address on the site). Treat January 11 as a hard deadline this time!

High assurance of the RO to the RqP

Deferred until we can put Peter on the spot. (smile) 

UMA business model

Eve has been working to capture our "UMA Legal Role Definitions" work in a new document (request access if you can't get in to the GDoc). Andi spoke in favor of publishing it as a draft report and is willing to help with developing a new deliverable that focuses on the "IRM" aspects (use cases at the transitions of the numbered cradle-to-grave scenarios in the slide deck). This is not fully "standards-based" yet but could go in that direction. Tim asks: Are the reports key to encouraging adoption of UMA at this point? Certain use cases, at least, seem common – particularly going from state 1, managing a minor's resources, to state 2, enabling the now-adult person to take over management of their own resources. This seems particularly frequent in healthcare.

AI: Andi and Eve: Met early in the new year to work on that second deliverable on "UMA relationship use cases".

AI: Tim and Domenico: Review the GDoc over the holidays.

What are the sectors where UMA is being seen? Eve: financial and healthcare; for financial, the specific use cases differ (enterprise/employee delegation, API protection, pensions dashboard, etc.). Various IoT use cases as well across sectors. Alec: healthcare, giving access to someone in their circle of care. The biggest challenge is compliance of all the parties. The RO is not able to choose their own AS/ASO, and ensuring privacy is important. Government-to-citizen as well, where SSI tends to come in, and also giving businesses access from an authoritative source. Colin: IDoT discussion in Kantara was ahead of its time.

UMA and VCs discussion

This thread in October sort of petered out because it was on two lists, but it's an interesting one. Let's think about it in the new year.

IETF 104

Let's also think about plans for this in the new year.

Schemas and overlays

Colin: The core of this work is starting up, so please be aware of it.


As of 18 Oct 2018, quorum is 5 of 8. (Domenico, Peter, Sal, Andi, Maciej, Eve, Mike, Cigdem)

  1. Domenico
  2. Andi
  3. Eve

Non-voting participants: