UMA telecon 2020-09-17

Date and Time



Roll call

Quorum was reached.

Approve minutes

MOTION: Moved by Andi: Approve minutes of UMA telecon 2020-07-09, 2020-07-16, 2020-07-23, 2020-07-30, 2020-08-06, 2020-08-13, 2020-08-20, 2020-08-27, 2020-09-03, 2020-09-10.

APPROVED by acclamation.

Thank you to Andi for his stalwart service!

Policy Manager extension spec

The status of this draft is "editor's draft". If the voting participants of the WG vote to approve it, it becomes a "WG draft". It could then proceed to various levels of Kantara approval.

Regarding our issue backlog, it appears there is a cleanup step we need to perform. Then we need to review them all for substantive issues we would like to bring forward from the backlog. We have a process for step 1 and we'll proceed to step 2 when we have backlog clarity.

AI: Andi and Eve: Work through the issue backlog cleanup step, reaching out to Alec and Kate as required. Andi will set up a call with Eve to start the process.

AI: Eve: Add descriptions to all of the issue labels.

Eve's promise to the WG: Agendas 24 hours or more ahead of time, highlighting what spec text has changed in that timeframe from the previous call. Eve's ask: Any issues/comments to be framed in terms of "being the solution": New text proposals, new sets of options, etc.

Our first formal issue, likely, should be scope. It's hard to decide a timeline until we decide that. The current draft only has the RO-AS component (policy API). Let's call that option 1. Option 2 would also include the RO-RS component (manage API). Option 3 would also include the cascaded AS component ("trusted claims"), where there is a hierarchical directive about claims collection. The policy languages could still be internal to each source and don't have to be standardized, but new set math would have to be specified around a new source that we can think of as "trusted claims".

AI: Alec: Put in a new issue around extension scope for policymgr label, using the three-option language and including the pretty diagram in the issue.

Authorization-Enhanced Email System draft

Igor's document (see this WG list email thread, ironically enough at several levels) is about, instead of sending large attachments through SMTP, pushing a link to an UMA-protected resource and having mail clients pull the attachments as UMA clients performing REST pulls.

Eve suggests trying to use some of the graphical patterns of the draft in our auxiliary materials because they would be particularly helpful for conveying the "trusted claims" concept, at the very least.

In the world of health IT, SMIME has been used/tried for secure messaging, with mixed results. Sal notes: It's a little like REST SMIME.

Let's refer to this as "AEMS" (authorization-enhanced mail system).

AI: Everyone who is invested in this type of use case: Please put together thoughts on how to make the case for solving it in this fashion and to whom to make it.

What to do about GNAP

Liaison question raised by Adrian. We've discussed this before; what action is being requested?

He provides a MyData Korea call doc link – the call is at 9pm ET tonight.

He also asks what our relationship is to UDAP. Let's put this on the agenda for next week; Eve will put thoughts together.


As of September 3, 2020 (pre-meeting), quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Gaurav, Thomas, Andi, Maciej, Eve)

  1. Michael
  2. Domenico
  3. Sal
  4. Thomas
  5. Andi
  6. Eve

Non-voting participants: