Andi motions to approve ALL the minutes! Sal seconds. Motion Approved
Have resolved current comments, link to V0.2 Editor's Draft: Julie Use-case Report
Alec motions to move the Report to a Working Group Draft. Andi Seconds. Hearing no objections, motions passes!
Thanks to all the editor's and contributors who got the report to this point!!
This sheets starts to organize the comparison
https://docs.google.com/spreadsheets/d/1UWxhLoLFsVNmHulGvyS_3vx5hF9u2reFXT3gxc3bRnY/edit#gid=0
The HEART WG is having a session on this topic, will be April 4 2-3PM ET. Link and invite should be shared on the oidc heart mailing list: https://meet.goto.com/785234357
Eve, Nancy and Alec plan to attend.
Show UMAs understanding in relation to other standards. Could we introduce UMA to the HL7 connectathons?
Correlated Authorization Updates
https://github.com/umalabs/correlated-authorization
Kantara has a 4-hour workshop the day before the conference. Is anyone planning to attend in person? Steve, Andi, George
Do we want some of that time to present/get feedback on some of our work? Eg to review and solicit feedback on the Julie report
Have had questions about UMA + DID and their relationships
Some OAuth folks see UMA as complex, and can rebuild the features with OAuth drafts
UMA is for wide ecosystems where the RO can control policy. OAuth doesn't go this far, everything is still oriented around 1AS/1RS
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
Non-voting participants:
Regrets:
Hi all,
I don't see the UMA standard as "too complex." On the contrary, in my opinion, the UMA is an "incomplete set" of specifications, as there are lots of "outside the scope of this specification" statements. I understand the reasons why this is so. The goal of WG-UMA was to design a universal OAuth-based access management protocol.
In my opinion, UMA is not a rival to the OAuth suite. UMA is a promising, versatile trust framework.
I have been trying for some time to extend the UMA standard to become a full-fledged trust framework; see https://github.com/umalabs/correlated-authorization. I apologize for the messy text—it's a living draft. It has a somewhat futuristic use case—Authorization-Enhanced Mail System; see https://github.com/umalabs/authorization-enhanced-mail-system. In either case, UMA excels when used with multiple security domains.
Regards
-Igor
_______________________________________________
WG-UMA mailing list
WG-...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma