The Leadership Council has discussed whether a second IPR review period might be required for the changes made to the UMA2 specifications since our first Public Comment/IPR Review period began on May 25th.

Colin has asked me to:

Highlight our Work Group's IPR policy to all of you (it is "Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND)" (HTML version), as can be seen on our wiki home page)

Ask you all to let me/Kantara know, if possible, if you intend to opt out to RAND prior to the Leadership Council taking up its certification process (it would do this starting in approximately the next 7 days, once our week-long e-ballot, starting tomorrow, closes)

This will help the LC in its deliberations as it determines what sort of additional Public Review period might be needed.

To help you in your own deliberations, I have taken extra care to document the nature of the technical changes in the Disposition of Comments document. Here's a summary:

#337c,d: Added claims_redirect_uris OpenID Connect Dynamic Client Registration metadata field: design tracks OAuth redirect_uris metadata field
#340: Reintroduced UMA1 not_authorized error code and renamed it to request_denied
#341: Added interval parameter to request_submitted; design tracks OAuth Device Flow interval parameter
#354-1: Added optional invalid_request error code to resource registration endpoint; design tracks OAuth and OAuth bearer token error codes
#354-2: Reintroduced UMA1 requirement for PAT as bearer token to be supported

(Note that the technical changes fall into two categories: Reintroducing UMA1 design elements (items 2 and 5) and tracking existing OAuth design elements (items 1, 3, and 4) -- the latter aligning with one of our key roadmap design priorities, btw.)

If you have any questions, please let me know.

Please conclude your review today, as I'll send out the e-ballot tomorrow first thing!)

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl