[WG-UMA] Draft minutes of UMA telecon 2012-06-28

Eve Maler eve at xmlgrrl.com
Thu Jun 28 23:10:09 EDT 2012

(Haha, I'm mastering the new Confluence. Don't forget: No meeting next week!)

Roll call
Quorum was not reached.

Andrew is based in Victoria BC. He does midsize IAM integration consulting. He's working with the Province. He's been listening in on the IAWG for a while.

Approve minutes of 2012-06-21 meeting
Deferred due to lack of quorum.

Feature test progress
Eve and Trey are trying to schedule a time to meet to review the proposed tests.

Review swimlane diagrams for accuracy and effectiveness
On the Phase 1 diagram, add a section reference to explain the OOB provisioning of the AM location by Alice.

On the Phases 2/3 diagram, add two assumptions in the note block at the top: the UMA bearer token profile is in use, and Roger deserves the requested permission.

Should we add these diagrams to the spec somehow? Or at least we should put it in the wiki and put a non-normative reference to the diagrams in the spec. It's incredibly useful to have these as pedagogical tools.

Issue #56 discussion: standardized scope descriptions for well-known APIs?
Looking at the worked example in the spec, the ultimate point of #56 is to consider unilaterally publishing scope descriptions for well-known third-party scopes where they use OAuth to protect their APIs. Trey mentioned last week that Google's gcal uses URIs for scopes, so that's one existence proof. Obviously we can't publish UMA-style scope descriptions for those, since they already have APIs. But we'd like to create scopes for some other well-known API that currently uses plain-string scopes, such as Flickr or Netflix or someone.

In fact, if we're going to do this, shouldn't we at least make our own "protection" and "authorization" scopes (corresponding to the PAT and AAT) into URIs, which resolve to UMA-style scope descriptions? We agreed to do this in the spec, and likely to publish the scope descriptions at docs.kantarainitiative.org.

Our scope descriptions are indeed similar to partial XACML policies. Though we didn't have enough support to literally use XACML in UMA, we want to absorb any work that takes place around putting XACML into JSON-based form ("jacml" effort?). We'll keep an eye on this.

As of 23 June 2012, quorum is 6 of 10.

Voting participants:

Hardjono, Thomas
Machulak, Maciej
Maler, Eve
Moren, Lukasz
Non-voting participants:

Cox, Kevin
Davis, Peter
Hughes, Andrew

Drake, Trey
Fletcher, George
Abeti, Riccardo
Next Meetings
NO TELECON on Thursday, 5 July 2012
Otherwise we'll meet in July as normal

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-uma/attachments/20120628/e1346cd5/attachment.html 

More information about the WG-UMA mailing list