Hello UMA Community,

For those of you who are interested in the intersection of human rights and digital identity systems, there will be an American Bar Association webinar today at 1pm EST;https://www.americanbar.org/events-cle/mtg/web/401314443/. I am on the panel along with the General Counsel of AccessNow and an attorney/Project Director from the American Association for the Advancement of Science. I do plan to mention UMA as a positive example of human rights-centric design. Apologies for the late notice.

Regards,

Tim

On Thu, Jul 23, 2020 at 10:37 AM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2020-07-23

Minutes

Roll call

Quorum was reached.

Approve minutes

Deferred.

New profiles

  • Resource definition profile status
  • Wallet profile

We should be driving towards revised spec text, ideally putting it into GitHub.

Last week, folks concentrated on the ASCII "spiral" diagram and draft spec text. Alec has a new draft diagram to try on us.

In the original UMA diagram, "manage" and "control" are out of scope. Alec is proposing that we bring these functions in scope. He states this explicitly by saying that he's specifying the "management and control interfaces". In UMA1 we used to call this Phase 1 vs. Phase 2. Now we think of this as the grant mechanism and the federated authorization mechanism, which is modular and optional with respect to grant. Is the wallet extension/profile modular and optional with respect to federated authorization? Alec illustrated it with a concentric Venn.

Since "wallet" is such a fraught term, calling it something else, ideally descriptive, could help us get beyond the challenge that it means something really specific elsewhere. What about "relationship manager"? That goes back to our roots. Eve asks everyone to think about what could be a good name that would serve us, for now, in a spec. Maybe something around the fact that we are finally standardizing the user side of the management and control interface (ironic that we are finally doing something about deeply standardizing "user management of access", eh?).

The cascading authorization server notion, which Pauldron implemented, bears some similarity to this idea. It has a "principal AS" within a specific domain, and a secondary AS that is RO-controlled. However, that original notion was intended to explicitly empower (in a sense) the AS against the RO's wishes, rather than to privacy-enhance the AS to protect the RO.

FHIR meetup

For those interested in HealthCare, Nancy provides this three-hour video from the FHIR meetup: [see wiki]

She suggests checking out at least the first half-hour. It is important to understand the perspective of the HL7 security group as they will be moving this along in Healthcare as the recognized experts. She also points to this FHIR chat (anyone can get a login). Nancy recommends that UMA's perspective be represented here. HEART came up, a little bit. Justin presented. Our webinar content could usefully be presented here.

Here is info on the video structure (original here):

Overview of fine-grained authorization approaches in FHIRJosh Mandel15minSlides here
Access control in aidboxNikolai Ryzhikov15minSlides here
XYZJustin Richer15minSlides here
An ABAC Architecture ApproachMatthew Tyler15minYes, can't share yet
Classification and LocalityChris Grenz15minSlides here
FHIR Data Segmentation for Privacy IGKathleen Connor15minhttp://hl7.org/fhir/uv/security-label-ds4p/2020May/
Parameterized compartmentsMichael Hansen15minSlides here

AI: Nancy: Find out how we get onto the agenda of the next HL7 meetup or the next appropriate gathering. Adrian also suggests reaching out to Josh. Nancy suggests also John Moehrke, Kathleen, and Graham.

We will, in the meantime, figure out the right content to present.

Webinar report

Alec reports pretty good attendance and some really good questions afterwards. Colin thought the content flowed well and was pitched just right. It was at the right technical level and had a relaxed tone. Nancy attended and thought it was great too. People can find the recording on the Kantara site's Resources area (Adrian says Safari is a better browser than Firefox due to a bug that's being worked on). The FHIR folks could handle more technical detail than was provided.

Attendees

As of July 8, 2020, quorum is 6 of 10. (Michael, Domenico, Peter, Sal, Gaurav, Thomas, Andi, Maciej, Eve, Mike)

  1. Michael
  2. Domenico
  3. Sal
  4. Thomas
  5. Maciej
  6. Eve

Non-voting participants:

  • Colin
  • Alec
  • Nancy
  • George
  • Adrian
  • Anik
  • Lisa
  • Patrick
  • Bjorn

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma