UMA telecon 2021-09-16

Date and Time

Agenda

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Deferred


Correlated Authorization

https://github.com/uma-email/poc


Today in UMA can push the token, addition is binding the ticket to the pushed token 

There's nothing bad about this claim token profile, not sure what the specific use-case or outcome it tries to create

What is the motivation for needing the correlation? Is there a specific outcome the correlation creates over 'ticket challenge-less' claims pushing?


OAuth vs UMA content

Since this a common information request, could we create some good standard content/position?


EIC Points:

OAuth 

There are OAuth extensions that drive to UMA-like outcomes, such as Token Exchange which allows a Client to get a token representing another party. Or GNAP which takes a bunch of UMA + OAuth features and derives a new authorization protocol.

Typically considered as 1 RS and 1 AS, with many RPs/clients


UMA

People ofter struggle with the 'nicknamed tokens', understanding they are access token which specific scopes/purposes. PCT has often been a hard one to understand, not widely implemented today because of this?


UMA Outcomes:


UMA is very flexible and comprehensive, which creates it's own set of interoperability challenges. Requires interop/ecosystem profiles which immediately undercut the UMA goal of wide-ecosystem.



Trust Registry helps with decentralization and creating a more informed AS. More granularity around the purpose, state for authorization and checking for changes (new role for PCT?) Captures, AS endpoint, purpose, scope of permissions. There will be many of them, ideally not too many for each RS. How do they interact? Regional/local collaboration, and then combining regional networks with congruent code of practices to create a wider ecosystem. 


Topic for future weeks: outcome of user stories discussion, PDP architecture includes the concept, TOIP/SSI are starting to define this ecosystem function

Topic for future weeks: ANCR records update, Privacy as Expected. 


AOB

https://www.ontario.ca/page/consultation-policy-framework-ontarios-digital-identity-program Feel free to submit comments to Ontario about the DI strategy


Alec will be away next week


Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Alec
  2. Sal

Non-voting participants:

  1. Zhen
  2. Ian

Regrets:

  1. Eve