Screen sharing: http://join.me/findthomas - NOTE:IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
Review the recommendations for issue #239 and decide and execute on next actions
Proposal: Regardless of other decisions, develop a non-normative analysis of the attack and mitigations; revise as appropriate depending on other decisions taken (Sarah has this AI already)
Proposal: Develop an extension specification, Enhanced Claims-Gathering Security Extension, to require cycling of the permission ticket when using the claims-gathering extension
For discussion: Consider also handling issue #167 in this extension if it has a security rationale
For discussion (thanks Andi for these two new bullets!): Consider updating the UMA Core spec in some way to point non-normatively to the extension spec, and/or mention it from the UIG
For discussion (possibly at a later juncture): Consider if/when/how to fold the extension into a future UMA version (likely to be captured as a GitHub issue)
For meta-discussion: What to do right now, as soon as we decide all this?
Kicking off #wideeco discussion: inputs from Eve/James and others
Making plans for IIW
Thoughts on tasks we can accomplish there: CIS-flavored, legal-flavored, and interop-flavored efforts?
Who will definitely be there? Whose plans are contingent on the WG's plans?