Minutes

Roll call

Quorum was reached.

Minutes approval

MOTION: Approve the minutes of UMA telecon 2015-09-03. APPROVED by unanimous consent.

Issue #205

Since the client already has to pass a state parameter, that can carry the burden of the ticket state anyway and enable the client to be stateless if it wants to be. It's good practice for the client to bind up the ticket into encrypted form in the state.

Options:

1. Stand pat: Keep the AS requirement and change nothing else
2. Keep the AS requirement and encourage the client to check it ("MAY") - Justin
3. Keep the AS requirement and encourage the client to ignore it
4. Soften the AS requirement, making it optional ("MAY"), and encourage the client to ignore it – and indicate that we intend to remove it in a later release - George, Mike, Maciej, Andi
5. Remove it from the AS's response – not backwards compatible

Editorial instruction: Change to option #4 in the spec.

Issue #225

Mike and Justin have reviewed and are okay with it. We're fine.

Editorial instruction: Add "client's" to "the...request" at the end.

Issue #207

Editorial instruction: Instead of "Errors can occur at the OAuth level and the UMA level.", say "Both OAuth and UMA errors can occur.", and check for "level" throughout.

Issue #185

George and Mike are good with it. We're fine.

Issue #198

Formatting will be taken care of! Thanks, Maciej!

Claims-awareness as a concept

Claims-redirect-uri should be registered not just if client is claims-unaware, but if it anticipates being untrusted or needing to redirect rqp ever (appears multiple times)
Mention claims-unawareness and also untrustworthiness etc. in claims-redirect section?

Tiny editorial things

Smart quotes, UMA-configuration file path and https: mention need spanx, Add period to IPR statements in stylesheet, Sort Core references, Remove this from 3.5.4.2: An example of the use of these properties appears in Section 3.5.4, if we approve the docs for Public Review: change Status of This Document section and appropriate other metadata.

Editorial instruction: Excise claims-awareness and claims-unawareness language from the spec.

Consider approval of specs for 45-day Public Review

MOTION: Andi moves and Maciej seconds: Approve of the Core and RSR specs of 2015-09-09, as amended according to the instructions of UMA telecon 2015-09-10, for progression to 45-day Public Review. APPROVED by unanimous consent.

AI: Eve: Work with Jane C and the Kantara staff on the review process.

Discuss and consider approval of IETF I-D publication

Could be confusing to people as to what the canonical specification is. If we let the current I-Ds expire on October 6, then they have to come to Kantara for the latest specs.

On the other hand, having the UMA specs on the IETF site helps with marketing. Mike's experience with the Open Interconnect Consortium showed this.

No conclusion for now!

UIG

Can we press forward on this? Arlene can be one of our test readers. 

Katie and Andi offer help.

Logistics

Let's not meet next Thursday.

Upcoming meetings will have a theme of interop testing.

AI status

• AI: Thomas: Review the charter for potential revisions in this annual cycle.
• AI: Sal: Investigate IP implications of formal liaison activities with other Kantara groups with the LC, and ultimately draft an LC Note as warranted.
• AI: Gil: Edit the UIG to add Ishan's content and excerpt it for Eve to add to the FAQ, pointing everyone to the UIG.
• AI: Mike: Write SCIM protection case study to highlight client claims-based use case.
• AI: Maciej: Write as many sections for the UIG as he can.
• AI: Justin: Write a UIG section on default-deny and race conditions.

Attendees

As of 10 Sep 2015 (pre-meeting), quorum is 6 of 11. (François, Domenico, Sal, Thomas, Andi, Robert, Maciej, Eve, Arlene, Mike, Jon)

1. Eve
2. Domenico
3. Arlene
4. Maciej
5. Mike
6. Andi
7. Sal

Non-voting participants:

• Adrian
• Ishan
• Justin
• Sarah
• George
• Katie
• Scott
• Colin

Regrets:

• James