http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2017-04-20 Date and Time - *Thursdays, 9-10am PT* - Screenshare and dial-in: http://join.me/findthomas - UMA calendar: http://kantarainitiative.org/confluence/display/uma/Calendar Agenda - Roll call - Approve minutes of UMA telecon 2017-03-09 <http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2017-03-09> - UMA V2.0 work: - All GitHub issues for V2.0 <https://github.com/KantaraInitiative/wg-uma/issues?q=is%3Aopen+is%3Aissue+label%3AV2.0>/ dynamic swimlane <http://www.websequencediagrams.com/files/render?link=Pu0sP0Oe2kjKc2WgdKZd> - Core is up to 21 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html> and RReg is up to 08 <http://docs.kantarainitiative.org/uma/ed/oauth-resource-reg-2.0-08.html> (back to editors' drafts) - Most issues were proactively closed because we had good consensus on substantive issue discussions and/or the issues were editorial - What was done (you've had this list since Monday): - #293 <https://github.com/KantaraInitiative/wg-uma/issues/293>: Check/fix all examples for missing required (and optional) fields; other editorial (the not-quite-editorial change to "flatten" the pushing of claim tokens so that a client pushes one claim token at a time; see Core Sec 3.6.1 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html#uma-grant-type> ) - #294 <https://github.com/KantaraInitiative/wg-uma/issues/294>: Consider a proof-of-possession option for the RPT core security (see Core Sec 6.2 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html#rfc.section.6.2> ) - #295 <https://github.com/KantaraInitiative/wg-uma/issues/295>: When a requesting party needs to withdraw their access core (see Core Sec 3.11 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html#token-revocation> ) - #302 <https://github.com/KantaraInitiative/wg-uma/issues/302>: Typo in RReg source regarding the stylesheet editorial rsrc-reg (trivial; RReg didn't change substantively) - Your turn to yell (*before* the call) if you're not happy with this - *#290 <https://github.com/KantaraInitiative/wg-uma/issues/290>* (Generality of RReg spec?) and *#296 <https://github.com/KantaraInitiative/wg-uma/issues/296>* (Out-of-the-box profiling for tight AS-RS coupling): Should have a concrete proposal for discussion - *#298 <https://github.com/KantaraInitiative/wg-uma/issues/298>* (Reconsider whether ticket should be on all redirect-back AS responses): a "flattened" claim token in native form-urlencoded format was implemented in Core Sec 3.6.3 <https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-21.html#redirect-back> -- didn't close this issue yet because only a relatively small subset of us discussed the recommendation, so let's review - *#303 <https://github.com/KantaraInitiative/wg-uma/issues/303>* (Cleaning up the security considerations: JSON Usage): Possibly pass a quick eye over this one - *New:* *#304 <https://github.com/KantaraInitiative/wg-uma/issues/304>* (Do we need the UMA error invalid_request?): Let's consider this - *#297 <https://github.com/KantaraInitiative/wg-uma/issues/297>* (Add the authorization process flowchart or some other visual explanation): To be closed without action unless someone speaks up - Logistics/timing - AOB *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl