This is our last telecon of the year. We got only a couple of regrets from voting participants last week for this meeting -- hope we can get good representation, and raise a virtual cup of egg nog while solving lots of open issues in this last session of 2016. :-) http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2016-12-22 Date and Time - *Thursdays,* 9-10am PT - Skype: +99051000000481 / US +1-805-309-2350 / international lines <https://www.turbobridge.com/join.html> / web calling interface <https://panel.turbobridge.com/webcall/> / code 1782540 - Screen sharing: http://join.me/findthomas - NOTE: do not use the join.me dial-in line - UMA calendar: http://kantarainitiative.org/confluence/display/uma/Calendar Agenda - Roll call - Approve minutes of UMA telecon 2016-12-01 <http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2016-12-01> - Logistics - This is our last meeting of the year - Refer to telecon 2016-12-01 <http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2016-12-01> minutes to see how voting/balloting process goes - UMA V2.0 workAOB - 2016 roadmap <http://kantarainitiative.org/confluence/display/uma/UMA+Roadmap+for+2016> - Core is up to 09 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-09.html> and RReg is up to 02 <http://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-02.html> (no changes from last meeting) - Dynamic swimlane <http://www.websequencediagrams.com/files/render?link=Pu0sP0Oe2kjKc2WgdKZd> - Complete set math decisions *today*: see email proposal <https://groups.google.com/forum/#!topic/kantara-initiative-uma-wg/QVr9EgbfvQM> - Proposal for "the rest of the issues to consider/take out of the backlog"; let's decide the final list by our first meeting in January and figure out our completion roadmap: - Use Cases for FHIR Security Authorization with Patient Consent <http://kantarainitiative.org/confluence/download/attachments/17760302/Use%20Cases%20for%20FHIR%20Security%20Authorization%20with%20Patient%20Consentv06.docx?api=v2> ("cascading authorization servers") - Shoebox endpoint/"audit whether RS gave access per permissions" (issues 24 <https://github.com/KantaraInitiative/wg-uma/issues/24> , 224 <https://github.com/KantaraInitiative/wg-uma/issues/224>) - Hashed claims discovery (issue 254 <https://github.com/KantaraInitiative/wg-uma/issues/254>) - Issues that came up in editing: - What is the proper way to complete the specification of the UMA grant? e.g., how do the client's credentials actually get used in the flow? - Remove policy-specific resource/scope description properties from RReg and add as extensions in Core? - claim_token_profiles_supported: Provide real profiles for OIDC and maybe SAML? - What to do with the extensibility profiles? - Need to have IANA registry entries for both old uma-configuration and uma2-configuration? *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl