United States: +1 (224) 501-3316, Access Code: 485-071-053
Quorum was reached.
Andi Moves to Approve, APPROVED
As shared on the UMA mailing list, a new WG has recently started: Advanced Notice & Consent Receipt - ANCR-WG
Goal, update consent receipt 1.1, update the fields captured around a specific consent receipt "the anchor receipt"
Meets Wednesday 1030ET
FAPI as a profile can notionally be supported by an UMA AS. How can we demonstrate that UMA/FAPI work nicely together? WIth a goal of getting some mutual recognition from FAPI(?)
In UK there is a push for strong consent+authorization+privacy, can UMA fill that need left by base security profiles? The federation and delegation cases seem to be realized as an afterthought in these solutions.
HEART started profiling UMA for the Healthcare use case, maybe this is a starting point for a UMA/FAPI security profile.
Another angle is that FAPI is a security profile for open banking use-case. Can UMA show it's value better in the use-case vs simply accepting security profiles. OpenBanking is defining the "implementation profile"/ wider ecosystem roles and interactions (eg specific client types like payment initiation service providers(sp?))
How can we take this further to include the Consent Receipt? The consent receipt today was designed to be the minimal international information needed for a real meaningful consent.
Can a consent receipt be a 'grant'? Person gives their 'grant'(s) at the AS, captured as a consent receipt, before the AS issues the technical grant(uma ticket) to a client. Tickets and token could refer to the specific receipt (ie as a uri). Human gives consent grant, which through law corresponds to outcomes/preferences as interpreted by an AS.
No major update. Let's setup a topic around the group IPR separate from the Pensions Dashboard topic
As of October 26, 2020, quorum is 5 of 9. (Michael, Karim, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve)