
I'm working on the agenda, which will include a series of concrete issues to work through, mostly not huge and some from email (e.g. the latest from the set math thread). For now, if you haven't yet familiarized yourself with rev 10, please do. https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html

Also, please make a note to do your best to attend all meetings through Feb 9.

Here's the key part of the newly changed TOC; it could yet be changed further and I've already collected some good feedback:

1. Introduction
1.1 Roles and High-Level Communications
1.2 Notational Conventions
1.3 Federated Authorization
1.3.1 HTTP Usage
1.3.2 Resource and Scope Interpretation
1.4 Protocol Flow Summary
1.4.1 Protection API and Related Resource Owner Actions
1.4.2 Authorization Interface and Related Authorization Server and Requesting Party Actions
1.4.3 Protected Resource Interface and Related Resource Server Actions
1.5 Time-to-Live Considerations
2. Authorization Server Configuration
2.1 Configuration Properties
2.2 Configuration Document
2.3 Requests to Authorization Server for Configuration Document
2.4 Authorization Server Response Containing Configuration Document
3. Protocol Flow Details
3.1 Resource Server Obtains PAT
3.2 Resource Server Registers Resources for Protection
3.3 Client Attempts Access to Protected Resource With No Token
3.4 Resource Server Requests Permissions on Client's Behalf With Authorization Server
3.4.1 Resource Server Request to Permission Endpoint
3.4.2 Permission Ticket Creation and Management
3.4.3 Authorization Server Response to Resource Server on Permission Request Success
3.4.4 Authorization Server Response to Resource Server on Permission Request Failure
3.5 Resource Server Responds to Client's Tokenless Access Attempt
3.5.1 Resource Server Response to Client on Permission Request Success
3.5.2 Resource Server Response to Client on Permission Request Failure
3.6 Authorization Process: The UMA Grant
3.6.1 Client Request to Authorization Server for RPT
3.6.2 Client Request to Authorization Server for RPT With Pushed Claims
3.6.3 Client Redirect of User Agent to Authorization Server for Interactive Claims-Gathering
3.6.4 Authorization Server Redirect of User Agent Back to Client After Interactive Claims-Gathering
3.6.5 Authorization Assessment
3.6.6 Authorization Server Response to Client on Authorization Success
3.6.7 Authorization Server Response to Client on Authorization Success With PCT
3.6.8 Authorization Server Response to Client on Authorization Failure
3.7 Client Attempts Access to Protected Resource With RPT
3.8 Resource Server Determines RPT Status
3.8.1 Resource Server Request to Token Introspection Endpoint
3.8.2 Authorization Server Response to Resource Server on Token Introspection Success
3.9 Resource Server Responds to Client's Access Attempt With RPT
3.9.1 Permissions Assessment
3.9.2 Resource Server Response to Client on Sufficiency of Authorization
3.9.3 Resource Server Response to Client on Insufficiency of Authorization

Eve Maler (sent from my iPad) | cell +1 425 345 6756