https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2018-06-14

Minutes

Roll call

Quorum was reached.

Approve minutes

Approve minutes of UMA telecon 2018-06-07: APPROVED by unanimous consent.

Michigan Health Information Exchange

The Michigan HIE had a connectathon with a use case that was very UMA-like. A patient who has just reached the age of 18 is able to share info with another app or whoever she wants, using her right of access. The use case involves using filters and labels so that HPV information doesn't reach her parents. It's a healthcare + education use case.

Upcoming meeting planning

No meeting Jun 28, no meeting Jul 5, chop out some meetings in Jul and Aug.

Who might be available for a Kantara plenary? Chris Blanton from Gluu, Adrian, Eve, possibly Maciej. Adrian has tried to bring the SSI and Kantara communities together. Gluu has demonstrated that a "SSI claim" can be used to satisfy policy, and IIW itself can be used for discussing combining UMA and SSI to the extent that this is of interest, or if there are challenges that are arising. On the other hand, there are potentially opportunities not yet being exploited.

Other cross-group agenda items Eve had thought of were along the lines of the "cradle-to-grave scenarios" and solving them with suitable application of IRM workflows and throwing off receipts, but we haven't gotten any farther than that.

UMA and Decentralized Identity Foundation

Adrian has been advocating for UMA being a component of DIF's "hub" role. Kim Cameron spoke on this at EIC18. Let's start to take a look at what this might mean over the summer.

Decoupled flow

Deferred.

Enterprise use cases/Gluu Gateway

Mike showed a demo; find it here. It uses Kong underneath. Question: Kathleen: Can it handle scopes like HEART has? The Gluu take is that scopes map to policies on the Gluu Server. An UMA scope might be something like "OutSideUS", and the policy is a Python script. The policy provides context: Who is the subject? What is the client? It could call an external RBAC or XACML PDP. The gateway (proxy) is really simple; it's the PEP; it doesn't know anything about that. (See the documentation.) It introspects the token and caches the results. So if an API comes with whatever scope design, can it handle that and map to policy as necessary? Yes. You can switch from "UMA Resources" (settings for resources with their scopes) to "OAuth Scope Security".
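As an added illustration (not Gluu Gateway code and not taken from the demo), the sketch below shows a PEP that introspects a token, caches the result, and compares the returned permissions to the request, with no policy logic of its own. `Pep`, `fake_as`, the token and resource values are constructed; the response fields assume the UMA 2.0 introspection shape (`active`, `exp`, `permissions`).

```python
import time

class Pep:
    """Enforcement only: introspect, cache, compare. Policy stays on the AS."""

    def __init__(self, introspect, max_ttl=60, clock=time.time):
        self.introspect = introspect  # callable(token) -> introspection dict
        self.max_ttl = max_ttl        # longest a revocation can go unnoticed
        self.clock = clock
        self.cache = {}               # token -> (cache_expiry, response)

    def _lookup(self, token):
        now = self.clock()
        hit = self.cache.get(token)
        if hit and hit[0] > now:
            return hit[1]
        self.cache.pop(token, None)
        resp = self.introspect(token)
        ttl = min(self.max_ttl, resp.get("exp", now) - now)
        if resp.get("active") and ttl > 0:  # never cache inactive or past exp
            self.cache[token] = (now + ttl, resp)
        return resp

    def allows(self, token, resource_id, scope):
        resp = self._lookup(token)
        if not resp.get("active"):
            return False
        return any(p.get("resource_id") == resource_id
                   and scope in p.get("resource_scopes", [])
                   for p in resp.get("permissions", []))

def demo():
    now = [1000.0]  # constructed clock
    calls = []
    as_state = {"rpt-1": {"active": True, "exp": 1300, "permissions": [
        {"resource_id": "res-42", "resource_scopes": ["OutSideUS"]}]}}

    def fake_as(token):  # constructed stand-in for the AS introspection endpoint
        calls.append(token)
        return as_state.get(token, {"active": False})

    pep = Pep(fake_as, max_ttl=60, clock=lambda: now[0])
    first = pep.allows("rpt-1", "res-42", "OutSideUS")
    as_state["rpt-1"] = {"active": False}   # token revoked at the AS
    now[0] += 30
    stale = pep.allows("rpt-1", "res-42", "OutSideUS")  # served from cache
    now[0] += 31
    fresh = pep.allows("rpt-1", "res-42", "OutSideUS")  # cache entry expired
    return first, stale, fresh, len(calls)
```

The `stale` result is the trade-off of caching introspection: a revoked token keeps working until the cache entry expires, so `max_ttl` sets the revocation delay.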

Mike is seeing a lot of consumer use cases for the gateway these days, and use with microservices. What is the business case?

UMA2 masterclass materials

Eve walked through the draft slides for the masterclass she and Mike are doing at Identiverse. The "federated authorization" language is challenging to people, so it's now "externalized" authorization. People will review the deck more before Monday.

Attendees

As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)

  1. Domenico
  2. Maciej
  3. Eve
  4. Mike

Non-voting participants:

Regrets:


Eve Maler