[WG-UMA] For email and Oct 9 discussion/closure: trust elevation profile (issue 92)

Eve Maler eve at xmlgrrl.com
Tue Oct 7 09:54:31 CDT 2014


The issue is here:

https://github.com/xmlgrrl/UMA-Specifications/issues/92

The profile is proposed here:

http://ox.gluu.org/doku.php?id=oxauth:uma_profile

On 1 Oct 2014, at 5:38 PM, Eve Maler <eve at xmlgrrl.com> wrote:

> (Attendance was very attenuated at this meeting. I'm getting a bit wary of the "APAC-friendly scheme" as a result, since we have so much to do in the coming weeks. Thoughts?)
> 
> http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2014-10-01
> Minutes
> ...
> 92: trust elevation profile
> This can come up for financial data, and also for legal accountability over access to health data in break-the-glass situations. E.g., Alice might want to have a policy that says Bob has to have LOA3 when accessing her data, so she can find him and sue him if something goes wrong. Mike's profile enables revocation of the AAT, not just the relevant permission in the RPT, if the AAT were issued on the strength of a too-weak requesting party authentication. We looked at the written profile and thought that it might need to be abstracted away a bit from OpenID Connect, but otherwise seems like it's probably a good addition. We need to discuss this with a larger group.
> ...
> 


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl
