I'm sorry that I had to miss Friday's call. I just had a chance to read this UMA Legal Primer and I find it inscrutable even as I'm finding the discussions in HEART more confusing week by week. Here's an alternative suggestion:

Let's start with "UMA adds three dimensions of variability to OAuth:

- Multi-party (Are clients registered with the AS or the RS? does it need to be both?)

- Asynchronous (Alice can start by just delegating and add policies only after she gets some insight into what the Bobs want - forces us to focus on delegation)

- One delegation / location (Alice's authorization server is not domain-specific - neither should the legal agreements between RS and AS be domain specific.)

Let's focus on these three dimensions from a legal perspective. The BLT approach does not help. Neither does mentioning HEART help because HEART is even more confused than UMA. Once we get the Legal 3-D core down, a discussion of Business and Technical impacts on the Legal core might be unnecessary or just illustrative.

Adrian

On Fri, Jul 1, 2016 at 1:22 PM, Eve Maler <eve@xmlgrrl.com> wrote:

I vaguely thought there was a conflict on my calendar for next week, and just realized what it was. I'll be removing that meeting from the calendar. In the meantime, no reason not to go into the Primer to comment!... And if you have a burning desire to set up an alternate time to meet, let me know.

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/