Exciting progress today!

Attending: Andrew, Ann, Jon, Adrian, Steve, Jeff, Adrian, Scott

Andrew still needs to keep some project details under wraps, but he notes that any provider whatsoever in that project needs to have SLAs etc., and for each of the identity roles, he’s created a list of archetypes for, e.g., IdPs and such. He’s also set out UMA archetypes — this is where the Binding Obs come in.

If you have an UMA authorization server defined and built as such, what are its proper functions? He has a notion of this, but he just needs the text. Being a framework, it can handle both an AS that serves multiple ROs, and an AS that serves a single RO. When you downselect the rules you want, that gives shape to your deployment.

Is it also interesting to attach the proper functions of the roles in terms of protocol state changes? Andrew is not so sure, for the work he’s doing right now in making a framework. Eve notes that it may simply have relevance only when it gets to “receipt” time, that is, when a particular norm gets executed by a particular role.

Andrew’s analysis tool is designed to be able to record that if someone is a signatory to an agreement, then they commit to being in a certain role. So: Click the box to be in a role. He needs the role definition. We can write the latter.

Scott asks: Have we talked about standards of care? Adopting a role in the real world comes with standards of care that are affected by statutes and/or contracts. Here’s where the CommonAccord approach could come in, with a flexible normative cross-reference. Andrew is planning to handle this in the base layer.

Andrew made a matrix of expectations and commitments. Contracts are just exchanges of promises! Say what you’re going to do, and then do what you said you were going to do. This is the Invisible Hand model.

Offer and acceptance of a contract has a notion of the time of acceptance. This again suggests recording/logging as an important function. (Hence the blockchain mention as a ledger…)

In legal parlance, a “prohibition” is a “condition subsequent”. This is a way to effect the “chain-link confidentiality” effect Domenico has drawn our attention to. It’s useful for real estate, but people bristle at it when used for intellectual property. Think of software licensing. But then again, it’s used for NDAs, embargoes, etc. It’s tricky.

How different are “power” and “authorization”? This is the central preoccupation of Steve’s adult life. :-)

====

Can we draft statements of UMA role functions with required parts (clauses?) and optional parts (clauses?)? Should the latter include something about consent receipt/audit log entry generation, where appropriate? Andrew says this fits in pretty well with his goals. Obviously we’re not thinking about producing these statements in Word! They’d hopefully be in CommonAccord, and ultimately be available in a cool online tool with dropdowns and such. :-)

Who is interested to actively take part in the action item? Eve, Andrew, Steve, Ann… Scott is happy to do intense kibbitzing!

Eve and Andrew are meeting in depth later today, and will try and sketch a draft skeleton to help push things forward. Eve will round up those who are/may be interested to work together in the interim.


Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com