Quorum was reached.
Approve minutes of UMA telecon 2016-10-13, 2016-11-03: APPROVED by unanimous consent.
We ARE meeting next week, but Friday at 9am PT, not Thursday. That's right after the Legal call.
Syntax changes as listed above are confirmed OK. The new invalid_scope error is OK. We don't have to say "protected resource" all the time, particularly in syntax.
Eve is concerned that not being able to fully replace the permissions structure in the token introspection response is a bridge too far in having removed the token profile scaffolding. OAuth has token profiling. There is a use case for just conveying RqP identity claims for achieving fine-grained authorization at the edge (along with a use case for conveying RqP identity claims on top of permissions). UMA permissions on their own only convey "scope-grained" permissions. Can we reuse the UMA profiling capability to allow third parties to replace the permissions structure if they need to? It's already possible to create these (so Gluu could consider doing this).
We have some outstanding questions around the token profiling question and the permissions structure. Eve will send an email outlining these with all the options she can think of and possibly making some proposals so we can decide by next week. (She'll include the Sec Consid point from 7.1.1.)
AI: Eve: Email about token profiling, as above.
Instructions for Core rev 08:
As of 3 Oct 2016, quorum is 6 of 11. (Domenico, Sal, Nagesh, Andi, Robert, Maciej, Eve, Jeffrey, Mike, Cigdem, Sarah)
Non-voting participants:
Regrets: