UMA telecon 2021-11-11

Date and Time

Agenda

Minutes

Roll call

Approve minutes

Deferred


The Kantara All members meeting is Dec 8th, 11-1230ET (it's virtual, link TBD)


FIDO authenticate conference recap

  1. Alex Weinert at Microsoft enumerated attributes of a secure authentication credential:

Interesting that "strength" isn't in the list of attributes. ie is being discussed vs what is being taken for granted/table-stakes


UP: user prescense (tap the device)
UV: user verification (pin/face rec) → unlock entire store of keys

RP decides what is required of the authenticator (UP or UV)

New FIDO Spec, Device On-board, secure provisioning of IOT devices. 


Any FIDO device users? 

Will Apple/Google be the mDL device providers of the future? Wil there be other competitors?

On going work to be done about the convenince vs security of solutions, eg with private keys that can follow between devices like how pw managers work


Other ongoing/upcoming confernces?

A lot of (US) conferences are requiring people to setup the clear pass, and provide recent/on-site tests


OAuth vs UMA content

Defer

Delegation Use Cases

Reviewed more pp2pi use-cases, broken down by objective and mapped to whther uma or uma delegation can meet the goal

Will continue this discussion next week


Report on FHIR API Vulnerabilities 


AOB



Topic Candidates (from previous telcons)


Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Andi
  2. Steve
  3. Sal
  4. Alec

Non-voting participants:

  1. Joe - w/ FR IAM backgroud
  2. Scott
  3. Nancy

Regrets: