https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-11-18 UMA telecon 2021-11-18Date and Time - *Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT* - Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09 - United States: +1 (224) 501-3316, Access Code: 485-071-053 - See UMA calendar for additional details: http://kantarainitiative.org/confluence/display/uma/Calendar Agenda - Approve minutes of UMA telecon 2021-09-09 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-09> , UMA telecon 2021-09-16 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-16> , UMA telecon 2021-09-23 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-23> , UMA telecon 2021-09-30 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-30> , UMA telecon 2021-10-14 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-14> , UMA telecon 2021-10-21 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-21> , UMA telecon 2021-10-28 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-28> , UMA telecon 2021-11-04 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-11-04> , UMA telecon 2021-11-11 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-11-11> - Delegation Use Cases - Proof of Chain of Possession (POCOP) Tokens - AOB MinutesRoll call - Quorum: No Approve minutes - Approve minutes of UMA telecon 2021-09-09 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-09> , UMA telecon 2021-09-16 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-16> , UMA telecon 2021-09-23 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-23> , UMA telecon 2021-09-30 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-09-30> , UMA telecon 2021-10-14 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-14> , UMA telecon 2021-10-21 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-21> , UMA telecon 2021-10-28 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-10-28> , UMA telecon 2021-11-04 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-11-04> Deferred *The Kantara All members meeting is Dec 8th, 11-1230ET (it's virtual, link TBD)* Delegation Use Cases Reviewed more pp2pi <https://www.drummondgroup.com/pp2pi/> use-cases, broken down by objective and mapped to whther uma or uma delegation can meet the goal Will continue this discussion next week - payer insurance codes are often opaque to the patient/covered person Proof of Chain of Possession (POCOP) Tokens https://github.com/uma-email/poc A client can use any IDToken with any UMA ticket. The Correlated Authorization mechanism ensures that there is some open UMA transactional context included in any pushed ID claims What is the threat that Proof of Possession <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04> (or mTLS) doens't address that requires the "chronological tamper-resistant record"? Report on FHIR Vulns reviewed some initial diagrams for this: https://docs.google.com/presentation/d/1aDTD6nv5vza8gDsSRGV6X5tzRoQdIv5V9aU8... - FHIR itself is simply the data model - FHIR had the author refine their statement that it was 'FHIR Implmentations' that had the vulnerabilities - SMART on FHIR is the HL7 'approved' authorization strategy - UDAP → artifacts that needs to exist from a trust framework to support DCR/wide-access - HEART → profiles of OAuth/UMA for SMARTonFHIR scopes AOB - We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET - Want to make progress on some of the in-progress docs, have them in a consistent state - Eve, Nancy, Alec, Andi - If you're up to attend, please email Alec, or leave a comment on these minutes Topic Candidates (from previous telcons) - Delegation and Guardianship - Outcome of user stories discussion - PDP architecture includes the concept of governance registry/discovery - TOIP/SSI are starting to define this ecosystem function - ANCR records update - Privacy as Expected/ANCR update : 2/3 weeks out (Sal?) Attendees As of October 26, 2020, quorum <http://kantarainitiative.org/confluence/display/uma/Participant+Roster> is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve) Voting: 1. Steve 2. Alec Non-voting participants: 1. Scott G 2. Scott F Regrets: 1. Sal 2. Nancy 3. Eve