[WG-UMA] Draft Minutes of UMA telecon 2021-07-15

1 view
Skip to first unread message

Alec Laws

unread,
Jul 16, 2021, 8:33:07 AMJul 16
to wg-uma@kantarainitiative.org WG
https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-07-15

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Deferred


ANCR/UMA initial understanding

https://groups.google.com/g/kantara-initiative-uma-wg/c/EzbI7kjc_MU/m/NLX_0eYZCQAJ


Short flow

  1. Alice visit's Bob's Organization(site/service) website
  2. Bob returns a notice that references a third party registry
  3. Alice is able to independently lookup Bob's notice from the registry
  4. Alice requests a notarized receipt from the registry, including Bob's notice and her Rights (eg the law's of the country she lives in)
  5. Alice includes this receipt in requests as she interacts with Bob's service
  6. Bob is able to use the receipt token to interact with Alice's information, either in requests for authorization/information (eg as a token/claim)

ANCR current state: documentation of the receipt: Bob's notice, Alice's rights assertion, the notarized ANCR receipt

Next steps: Getting ANCR receipt fields to be part of the ISO 27560 consent receipt 1.2 spec, publish within Kantara. Move from receipt definition to flows/protocol integrations


The receipt creates transparency for Alice to discover and understand the sites/services terms, controller, etc. Steps 1-5 would be part of a Browser/extension implementation and could be broadcasted through headers (for example). Alice could include in her notarized receipt where BOb's service could discover her information, eg her UMA Auth server or relevant resource locations. 

From initial contact, Alice is able to monitor service term changes through the registry. The 'registry' doesn't necessarily need to be a 3rd party, the site itself could host this to achieve the transparency outcome. Self assertion like this can still reference third parties, who don't need to know about ANCR. For example in the UK there is a public business registry with the Controllers listed, the site itself can reference that endpoint.
Can a service be registered with multiple registries? yes


ANCR is having an off cycle meeting 1130(?) Monday. They usually meet Wednesday at 1030ET

Advanced Notice and Consent Receipt: Advanced Notice & Consent Receipt - ANCR-WG


Anyone attending HIMSS?

IDENTOS will have some representation there (not Alec), presenting their TrustSphere project in BC 


Has Kantara ever provided funding support to attend/present posters/papers? Kantara is open for funding requests, if interested please reach out to Alec(or any WG chair) and they'll help with the request to the Leadership Council. Largely attendance have been self-funded


Relationship Manager - user stories

Review the Diagram: https://groups.google.com/g/kantara-initiative-uma-wg/c/WAnizgl08Fg/m/YjflL1EbAwAJ

Last week we got into the details and questions around discovery. It may not need to be part of the core UMA AS function, and could be a 3rd service specification (with some intersection to the ANCR registry concepts)


Implementing the UMA spec is not enough, need to have use-cases to fill the gaps and details (and to 'get creative'). This has made interop challenging between implementations. There's a bunch of work around UMA that are required to show implementation. Maybe a simple interop profile around a use-case would allow us to show us working together. One example, who owns + stores the PAT. Communicating the handle (uri) from RO to RqP


AOB

Please welcome Kay Chopard as the new  Kantara Executive Director!

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Steve
  2. Alec
  3. Sal

Non-voting participants:

  1. Zhen
  2. Scott

Regrets:

Reply all
Reply to author
Forward
0 new messages