[Wg-uma] Draft minutes of UMA telecon 2009-09-17

Eve Maler eve at xmlgrrl.com
Thu Sep 17 17:02:48 PDT 2009


The draft minutes are here; please let me know if you see any  
inaccuracies:

http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2009-09-17

The action item and resolution summary is here:

http://kantarainitiative.org/confluence/display/uma/Meetings+and+Minutes

The scenario docket is here:

http://kantarainitiative.org/confluence/display/uma/Working+Drafts

The minutes are also pasted below, for your convenience.

	Eve

Date and Time
Day: Thursday, 17 Sep 2009
Time: 9:10-10:30am PDT | 12:10-1:30pm EDT | 16:10-17:30 UTC
Dial-In: +1-218-862-7200 or +1-712-432-3100 (if one doesn't work, try
the other)
Code: 987-632 (do not press #)

Attendees
As of 17 Sep 2009, quorum is 12 of 23.

Adams, Trent
Akram, Hasan
Bryan, Paul
Catalano, Domenico
Holodnik, Tom
Maler, Eve

Regrets
Christian Scholz
Michael Hanson
Iain Henderson
Maciej Machulak (possibly)
Jeff Stollman

Agenda
Roll call
Approve minutes of UMA telecon 2009-09-10
Action item review
Kantara informal UMA meeting report/discussion
Brief report/discussion on OAuth recursive delegation
Discuss and approve A-priority scenarios
AOB

Minutes
Roll call
Quorum not achieved.

Approve minutes of UMA telecon 2009-09-10
Deferred due to lack of quorum.

Action item review
Nothing changed; we have a number of aging pending items.

Kantara informal UMA meeting report/discussion
An informal meeting was held at the Kantara F2F meetings in Las Vegas,  
colocated with Digital ID World. We were not quorate and we didn't  
record formal minutes. We reviewed the UMA proposition by going  
through IIW8 backgrounder slides and the current status of UMA  
scenarios, and Trent kindly took notes to record Q&A that came up. We  
reviewed Trent's notes and discussed related items on this call.

Comment by Doc: The use of the term "Allow..." in the charter makes it  
seem that the protocol is in control, but allowing the user to do  
something. Consider a rewording along the lines of "Preserve the  
ability for the user to..."
The charter does use the "Allow..." wording; it is indeed shorthand  
for "Preserve an individual's ability to...". We're not planning to  
change it.

Comment by Doc: How does ProtectServe + Relationship Manager interact  
with the various other options listed on page 15 of the slides (i.e.  
titled "Some comparisons, FWTW"); specifically in relation to Kim's  
5th Law of plurality of providers (suggestion: might want to update  
the "Some comparisons, FWTW" slide to include XRD)
AI: Eve: Revise and extend the "compare/contrast" matrix in the  
background slides, and put them on the wiki.

AI: Eve: Make links to the backgrounder slides more visible on the wiki.

Question by Joe: How does this approach fit into the model of XRI and  
Link Contracts?
The original ProtectServe sketch wasn't designed with XRI link  
contracts in mind, but it turns out they are conceptually identical,  
and UMA may provide a useful "protocol binding" for the XRI concept.  
XRI is one of our liaison targets and we have several liaison  
touchpoints between the efforts (such as Andy Dale and, now, Nat  
Sakimura).

Question by Joe: Does the scope include the need to parse the contract  
terms, or only end at the resolution of an existing contract URI?
We want to be scenario-driven about this. If we have important  
scenarios that require something like "you must satisfy these terms  
'or better'", we may have to figure out what "better" means. If we  
have important scenarios that offer n pieces of data for terms X, but
n+m pieces for terms Y, that's a complex thing we may have to solve. We
discussed whether machine readability of terms is strictly needed at  
first, since a URI that persistently refers to a human/lawyer-readable  
version seems to suffice in a lot of cases today for string-matched  
satisfaction (no complex negotiation), including very complex  
enterprise cases.

The UD-VPI group is reportedly building terms that meet the
human/lawyer/machine-readable goal, and may be looking to us to solve the
minimum level of functionality around term offers, negotiation,  
acceptance, etc.

Nat Sakimura's recent blog post and the comments thereon suggest even  
more ways. How we answer these questions also has an impact on our  
goals around simplicity, particularly our emerging goal around not  
adding undue cryptography burdens.

Paul's preference for a design decision that would meet our principles  
is: Express terms as a Web resource whose representation can be  
retrieved with an HTTP GET and modified (with an affirmation that the  
terms are being met) with an HTTP POST.

AI: Eve: Revise the Issue in the scenario doc regarding how requesters  
can meet terms, to incorporate the discussions that have taken place  
to date.

Brief report/discussion on OAuth recursive delegation
We don't yet have feedback from Michael on this, but Paul reviewed the  
I-D further, and concluded that the spec is about allowing an existing  
OAuth Consumer/Client to dole out tokens to other Consumers to access  
resources without your involvement. This makes a pretty big assumption  
about the user's trust of the subsequent (Second etc.) Clients;  
transitivity of trust generally isn't safe to assume. It would  
therefore be useful to see the use case that motivated the I-D.

The OAuth redirection flow ensures that the user has a say in  
permissioning, so in a way this extension is the antithesis of OAuth  
(unless there's some user permissioning process that's mandated but  
done out of band?).

Discuss and approve A-priority scenarios
Deferred till we have more, and a better mix of, people on the call.

AOB: Update on the teleconferencing situation
A strong recommendation was made to the Kantara Board of Trustees this  
week to fund, at relatively low incremental cost, a series of "hi-def"  
lines that would provide better reliability and quality. We will see  
what happens. More problems were encountered on today's call (no  
surprise).

Next Meeting: UMA telecon 2009-09-24
Eve can't attend this meeting; Paul will chair in her stead.

Day: Thursday, 24 Sep 2009
Time: 9:10-10:30am PDT | 12:10-1:30pm EDT | 16:10-17:30 UTC
Dial-In: +1-218-862-7200 or +1-712-432-3100 (if one doesn't work, try  
the other)
Code: 987-632 (do not press #)


Eve Maler
eve at xmlgrrl.com
http://www.xmlgrrl.com/blog