Thanks Adrian

Appreciate the list. The discussion was as a result of a newbie question asked by myself, whilst there were only a few people to annoy. :-)

Still on a learning curve ...

Regards
Paul...


Date: Wed, 2 Sep 2015 22:17:17 -0400
From: agropper@healthurl.com
To: eve@xmlgrrl.com
CC: wg-uma@kantarainitiative.org
Subject: Re: [WG-UMA] Notes from APAC-friendly UMA WG sync 2015-09-02

I can't tell them apart. Some of them depend on the others to some extent. How does any of this affect UMA?

Adrian

On Wed, Sep 2, 2015 at 7:57 PM, Eve Maler <eve@xmlgrrl.com> wrote:
Attending: Eve, Paul, Allan

Agenda bashing:

- Looking at UMA in the context of sport (Australian Digital Transformation Office has an interest)

There are similarities to health, and there are customer relationships as well. An under-6 soccer game involves two teams, two clubs, a competition organizer, a venue manager, and a referees’ organization. There are different legal entities, and a lot of personal data flying between them. This is what makes it a little similar to health.

“Children checks” involves officials who are members of sport organizations that cross state-level jurisdictions. And a lot of people involved are volunteers. If a dad is a volunteer coach, he still has to go through the check. If one person is a coach for two different teams/kids/sports, the person may have to go through the check multiple times. Paper forms are often still involved in this world. There are also sport associations at local, state, national, and international levels, responsible for different parts of the process. The vision would be, e.g., that a volunteer coach could go through a single check and have it be valid for other activities as long as it’s fresh enough. Along with underage child regulations, there are also anti-doping regulations to think about.

There’s an interest in trust frameworks around this. What’s the relationship between UMA trust framework opportunities and the Kantara and OIX work on trust frameworks and the UMA legal subgroup work?

The Kantara trust framework came out of the US FICAM and NIST SP 800-63 material, but is not US-specific. Kantara has approved assessors that approve organizations under that trust framework. A key motivation for doing this is actual FICAM acceptance, which is valuable for (likely) being accepted sight unseen by the US General Services Administration. There’s work ongoing to map US and UK trust frameworks.

OIX runs a registry that can hold registrations, for communities of interest that have a trust framework, of members in good standing in that framework. Right now it only holds one set of entries, for a technical-level community run by OpenID Foundation recording self-certified conformance to the specs.

So Kantara sort of specializes in “config-time” and OIX sort of specializes in “run-time”.

Some other identity federations in higher education and research have their own trust frameworks.

What is the UMA legal subgroup doing? The mission of record is:

“Develop recommendations about resource owner-and-requesting party [Alice-and-Bob], resource server-and-authorization server [service-and-hub], and any other transactional relationships in the UMA environment, keeping in mind international jurisdictional friendliness; applicability to many different vertical and horizontal use cases, including health; and support of higher-level access federation trust frameworks and similar efforts.”

The parallels between health and sport are actually pretty strong, as long as we stay away from only government, only health, only US, etc. One difference is that the people and even some of the organizations involved are at a small, non- or under-funded scale. It’s mom-and-pop a lot of times, and volunteers can’t deploy IT infrastructure.

AI: Paul: Follow up on these notes with some specifics on “legal use cases” that arise out of the sport scenario. Who would be the Principal of interest in each? Etc.

- V1.0.1 status update?

We should close the specs for 45-day public review as of next Thursday or earlier. That would mean it’s effectively stable at that point, modulo public review period comments.


Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl | Calendar: xmlgrrl@gmail.com

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma



--

Adrian Gropper MD

RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/
