UMA telecon 2021-11-18

Date and Time

• Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
  • Screenshare and dial-in: https://zoom.us/j/99487814311?pwd=dTAvZi9uN0ZmeXJReWRrc1Zycm5KZz09

  • United States: +1 (224) 501-3316, Access Code: 485-071-053

  • See UMA calendar for additional details: http://kantarainitiative.org/confluence/display/uma/Calendar

Agenda

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16, UMA telecon 2021-09-23, UMA telecon 2021-09-30, UMA telecon 2021-10-14, UMA telecon 2021-10-21, UMA telecon 2021-10-28, UMA telecon 2021-11-04, UMA telecon 2021-11-11
• Delegation Use Cases
• Proof of Chain of Possession (POCOP) Tokens
• AOB

Minutes

Roll call

• Quorum: No

Approve minutes

• Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16, UMA telecon 2021-09-23, UMA telecon 2021-09-30, UMA telecon 2021-10-14, UMA telecon 2021-10-21, UMA telecon 2021-10-28, UMA telecon 2021-11-04

Deferred

The Kantara All members meeting is Dec 8th, 11-1230ET (it's virtual, link TBD)

Delegation Use Cases

Reviewed more pp2pi use-cases, broken down by objective and mapped to whther uma or uma delegation can meet the goal

Will continue this discussion next week

• payer insurance codes are often opaque to the patient/covered person

Proof of Chain of Possession (POCOP) Tokens

https://github.com/uma-email/poc

A client can use any IDToken with any UMA ticket. The Correlated Authorization mechanism ensures that there is some open UMA transactional context included in any pushed ID claims

What is the threat that Proof of Possession (or mTLS) doens't address that requires the "chronological tamper-resistant record"?

Report on FHIR Vulns

reviewed some initial diagrams for this:   https://docs.google.com/presentation/d/1aDTD6nv5vza8gDsSRGV6X5tzRoQdIv5V9aU8o3Z632A/edit#slide=id.p

• FHIR itself is simply the data model
• FHIR had the author refine their statement that it was 'FHIR Implmentations' that had the vulnerabilities
• SMART on FHIR is the HL7 'approved' authorization strategy
  • UDAP → artifacts that needs to exist from a trust framework to support DCR/wide-access
  • HEART → profiles of OAuth/UMA for SMARTonFHIR scopes

AOB

• We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET 
  • Want to make progress on some of the in-progress docs, have them in a consistent state 
  • Eve, Nancy, Alec, Andi 
  • If you're up to attend, please email Alec, or leave a comment on these minutes

Topic Candidates (from previous telcons)

• Delegation and Guardianship

• Outcome of user stories discussion

• PDP architecture includes the concept of governance registry/discovery

• TOIP/SSI are starting to define this ecosystem function

• ANCR records update

• Privacy as Expected/ANCR update : 2/3 weeks out (Sal?)

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

1. Steve
2. Alec

Non-voting participants:

1. Scott G
2. Scott F

Regrets:

1. Sal
2. Nancy
3. Eve