I'm sorry that I had to miss Friday's call. I just had a chance to read
this UMA Legal Primer and I find it inscrutable even as I'm finding the
discussions in HEART more confusing week by week. Here's an alternative
suggestion:
Let's start with "UMA adds three dimensions of variability to OAuth:
- Multi-party (Are clients registered with the AS or the RS? does it need
to be both?)
- Asynchronous (Alice can start by just delegating and add policies only
after she gets some insight into what the Bobs want - forces us to focus on
delegation)
- One delegation / location (Alice's authorization server is not
domain-specific - neither should the legal agreements between RS and AS be
domain specific.)
Let's focus on these three dimensions from a legal perspective. The BLT
approach does not help. Neither does mentioning HEART help because HEART is
even more confused than UMA. Once we get the Legal 3-D core down, a
discussion of Business and Technical impacts on the Legal core might be
unnecessary or just illustrative.
Adrian
On Fri, Jul 1, 2016 at 1:22 PM, Eve Maler
I vaguely thought there was a conflict on my calendar for next week, and just realized what it was. I'll be removing that meeting from the calendar. In the meantime, no reason not to go into the Primer https://docs.google.com/a/wunderlich.ca/document/d/1HGM5-PoJFMnepyrTX91hqHKQ... to comment!... And if you have a burning desire to set up an alternate time to meet, let me know.
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma
-- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/