It seems to me that this elides several use cases. If we set aside the currently unrealistic expectation that each person will own one or more AS’s, then the most likely location for a self-owned AS is in the home, or in a cloud service provided to the individual (a cloud home so to speak). I can see where I’ll want to use an authoritative IdP for some kinds of transactions and identities - health (hospital as IdP) and finance (bank as IdP) - but I can see multiple scenarios involving social identity where I would want to self assert to have the capability for multiple (disposable) identities. This isn’t just the case for teenagers and trolls, but would also be the case for human rights workers and democracy activists in any number of countries. 

Sincerely,
John Wunderlich
(@PrivacyCDN)



Privacist & PbD Ambassador




On Feb 18, 2016, at 19:47, Eve Maler <eve@xmlgrrl.com> wrote:

A question to Adrian about the goal of making an AS lighter and more generic so that each individual can own one: Do you think it's likely that the AS function and the IdP function are likely to remain entirely separate, and not be co-located in at least some instances? (I'm guessing your answer will be yes, because you've separated out the "lightweight AS" and the "RS-as-IdP" roles here, but I may be wrong.)


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Thu, Feb 18, 2016 at 11:05 AM, Adrian Gropper <agropper@healthurl.com> wrote:
To be clear, my suggestion about IdP in the #wideeco is for the #wideeco AS to be given the option of using the RS as Bob's IdP. That is very different from the RS being the IdP and AS if that's how I read the minutes.

In general, I'm looking for ways to make the AS lighter and more generic so that each individual can own one. In the HIE of One brand #wideeco model, the UMA AS is also always an OpenID Connect Client so that any RS that chooses to support OIDC Dynamic OP can offer this as part of the resource registration agreement with a #wideeco AS. This also enables the AS to register other well-known IdPs like Google and make these available as a NASCAR to Bob. As blockchain ID catches on (onename and uPort), the #wideeco AS will be able to offer this as an option as well.

Adrian



On Thu, Feb 18, 2016 at 1:09 PM, Eve Maler <eve@xmlgrrl.com> wrote:
Great meeting, all!

http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2016-02-18

Minutes

Roll call

Quorum was reached.

Approve minutes

Minutes of UMA telecon 2016-01-07 approved.

Issue #239

  • Proposal: Regardless of other decisions, develop a non-normative analysis of the attack and mitigations; revise as appropriate depending on other decisions taken (Sarah has this AI already)

Proposal accepted.

  • Proposal: Develop an extension specification, Enhanced Claims-Gathering Security Extension, to require cycling of the permission ticket when using the claims-gathering extension

Sal and Eve just discussed in email whether a stronger authentication mitigation would work. Session fixation happens after victim authentication, so it wouldn't help.

Robert mentioned to Eve offline that Wikipedia has some comments on session fixation that might be useful. Eve believes that since the permission ticket gets passed in UMA JSON messages, the countermeasures there may not apply, but we could look (for purposes of the non-normative analysis if ultimately nothing else).

  • For discussion: Consider also handling issue #167 in this extension if it has a security rationale

If the AS uses the flexibility to give a new endpoint, then there's the danger of giving an attacker new information outside of the discovery document that it didn't have before, which is a degradation of security. If the AS doesn't avail itself of the flexibility, then it doesn't seem to add anything. In any case, we're not thinking of a security rationale for adding this feature to the extension. In any case, it sounds like taking up #167 as part of the extension work doesn't meet our "#security use case bucket" goals, so we'll defer that till such time as we take up "#simplify use case bucket" work.

Consensus: We want to write and publish the extension specification.

  • For discussion (thanks Andi for these two new bullets!): Consider updating the UMA Core spec in some way to point non-normatively to the extension spec, and/or mention it from the UIG
  • For discussion (possibly at a later juncture): Consider if/when/how to fold the extension into a future UMA version (likely to be captured as a GitHub issue)

The WG itself can self-approve a technical specification, and the LC can approve that group output. (Are these "WG Reports"? Eve will check with the LC.) In other words, this could remain at a level sort of equivalent to an IETF I-D and not progress to an "RFC" level before it eventually gets absorbed into a later version of the UMA Core spec. We do want to recommend that everyone using the claims-gathering endpoint use this approach, but it all depends on the timing of any new UMA "V.next" version. We basically need to defer the decision about its "track" until we execute on the rest of our roadmap.

AI: Eve, Domenico, Maciej: Write the extension spec.

Can we publish these by next Thursday? Let's give the old college try. We want to publish and publicize the draft docs at the same time.

Wide ecosystem challenges

Eve presented a set of high-level statements that describe the dual nature of the challenges. Eve/James and Maciej will share some material on the challenges.

John observes that it's an ouroboros – a snake eating its own tail (or as Eve likes to call it, the bubble under the wallpaper that you can move but you can't remove).

Some discussion arose about different solutions, e.g.:

  • UMA-protected user claims endpoint ("UserInfo")
  • Agreed-on central authority (e.g. hospital) serving as a claims endpoint/AS (?) – akin to the question that has arisen over the last decade-plus about "who's the IdP"

The group agreed to collect all the potential solutions "without fear or favor" and then analyzes how well they solve the challenges.

Attendees

As of 16 Feb 2016, quorum is 6 of 10. (François, Domenico, Kathleen, Sal, Thomas, Andi, Robert, Maciej, Eve, Mike)

  1. Eve
  2. Kathleen
  3. François
  4. Domenico
  5. Sal
  6. Mike
  7. Maciej

Non-voting participants:

  • John W
  • Sarah
  • Adrian
  • George
  • Scott
  • Mark

Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma




--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma



This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.