(The agenda/minutes page will be updated when I'm able to log in to Confluence.)


Agenda

  • Roll call
  • Approve minutes of UMA telecon 2019-03-142019-03-28, 2019-04-04, 2019-04-18, 2019-05-23
  • Meeting times and upcoming schedule
  • UMA interop results session at Identiverse
  • Continue IETF 105 and OAuth.XYZ/transactional authorization discussion
  • Business-legal framework (was business model) update
  • AOB

Minutes

Roll call

Quorum was reached.


Approve minutes


MOTION: Approve minutes of UMA telecon 2019-03-142019-03-28, 2019-04-04, 2019-04-18, 2019-05-23. APPROVED by acclamation.


Meeting times and upcoming schedule

Peter can't make our Thursday call times, nor even Tuesdays. Dare we renegotiate?


Q2 has been especially bad for others as well (Andi for Identiverse, Mike for the “world tour”, identity conferences generally). Peter’s standing conflicts are unfortunate but there will always be someone. Eve could offer occasional ad hoc catchups (perhaps using the Friday 7am slot, particularly if that already works for Peter) for those who persistently can’t make (intended to be) quorate meetings, though it may mean Peter might need to step back from his voting status if we keep the meetings where they are. Let’s see if a second voting participant starts having problems with the current Thursday slot and only reassess then.


We're off both Jun 6 (chair unavailable) and also Jun 13 (Identity Week in London). We do have a meeting on Jun 20, before Identiverse.


UMA interop results session at Identiverse

Gluu has started to collect interop results on this page, against their endpoints. So far there are results from Keycloak and Identos, and results from WSO2 are coming. Mike reports that Identos did a great job, even submitting PRs against the Gluu code, and not needing any direction. Right now Gluu’s test code doesn’t have a developer on it, but Mike is happy to have someone take over maintenance. Alec explains that the PRs he submitted reflected “client differences”, but he hasn’t yet deployed Gluu Gateway to test against it. There is a hosted version of the GG that would assist in testing, so Mike is thinking about making that available. Then we could just point people to the endpoints.


Andi is working on trying to find us an interop results report-out session. It could be just a “BOF” type of session over lunch or something. Alec/Identos will be at Identiverse, and could run such a session. (Yay!) We’ll have to see how formal or informal the session might end up being, but at least now we could say that there are some substantial results to report, and this would stimulate more interest, more results to be reported, and more implementations to come out of the woodwork.


Mike notes that GG is going to be re-licensed, such that it will have a free tier in a transaction volume pricing model.


UMA on Facebook

FYI, we’re shutting down the UserManagedAccess Facebook page due to lack of interest (and Eve leaving Facebook!).


Should we create some sort of LinkedIn page for UMA? It could be an organization. Kantara has a LinkedIn page. Mike mentions that he is an UMA WG member, and can’t link that mention to the organization. Also, any tweets from the UMAWG handle could be posted automatically to LinkedIn as well. Things like a mention of Mike’s blog post that he’s about to put up (about his demo of UMA+Axiomatics XACML policies) could be on both Twitter and LI.


AI: Eve: Consult with Colin on the idea of making the UMA WG a LinkedIn “company” that people can link to when they say they’re a member of it in their profiles.


Continue IETF 105 and OAuth.XYZ/transactional authorization discussion

See our notes from last week. Eve reached out to both Justin and Hannes regarding our new inclination to change what we recommended to the OAuth WG.


Thomas thinks “informational” is good because the specs would remain the most stable, if we continue down the new path we’re thinking of. So that would mean we would file the two UMA2 specs as informational RFCs. Mike would prefer that any version of UMA that starts being unstable again not be called “UMA”. Nancy comments on the amazing collaboration of subject matter experts in the venues she has experienced. Work at the OAuth WG level wouldn’t reflect the collaboration we’ve had here.


If we don’t see interest in adoption from the OAuth WG, on the other hand, we might not want to stimulate too much demand in the sense that it stimulates desire to change UMA in backwards-incompatible ways.


AI: Eve and Thomas: Send info to the list on what next steps would be in turning the UMA specs into informational RFCs, especially given our already-done contributions.


Rich mentions that there needs to be higher awareness of UMA among other Kantara WGs. Eve points to lots of material on our wiki home page, including “UMA 101” slide decks. Eve is willing to join WG meetings to walk through that material as interest arises. Rich will be a liaison!


Business-legal framework (was business model) update

There's a new spreadsheet reflecting our use cases work. Our notes are kept here. Please ask to be added to the calendar invitation if you're not on it.


There are some new and interesting topics of a technical nature coming up there.


Attendees

As of 28 May 2019, quorum is 5 of 9. (Domenico, Peter, Sal, Rich, Andi, Maciej, Eve, Mike, Cigdem)


  1. Domenico
  2. Rich Furr - new voting participant - coming out of (boring) retirement to join us for pro bono work - 20-year career Air Force, signals intel, biopharma (SAFE), Kantara’s birth, IAWG, HIAWG
  3. Maciej
  4. Eve
  5. Mike


Non-voting participants:

  • Adrian
  • Alec
  • Mark
  • Nancy
  • Thomas


Regrets:

  • Lisa
  • Cigdem

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl