Hi Igor,

I welcome your initiative and framing of the problem with email. We certainly are seeing new tech encroaching on email, including Slack and text messages, even as innovation continues around how to triage email into various levels of urgency. Slack is particularly interesting as it has now crossed over into Zoom territory. With the rapid pace of improvement in Jitsi and slower pace of improvement around ActivityPub, open source and open standard messaging will need the document integration features associated with the resources in your proposal.

From the protocol perspective, the relationship between messaging and access control to resources is currently undergoing a lot of innovation. In the self-sovereign identity standards (SSI) workgroups we have efforts like DIDComm, which I will not attempt to explain to anyone, as well as discussions of so-called service endpoints linked to decentralized identifiers. Notification and Authorization service endpoints seem likely to be standardized.

In the UMA group, the question of how to handle notification comes up every once in a while. Notification is necessary when the Authorization Server needs to ask the Resource Owner a question because the policies it has are insufficient for an autonomous reply to a request. Notification is also necessary when a Resource Server invokes the "Adrian Clause" and ignores or acts differently than what the Authorization Server expects.

Going forward, I see the need to converge the SSI standards and practices with the OAuth-y standards and practices (SIOP is well on this road already), and this will likely open new opportunities to consider the role of messaging (where identifiers are clearly first-order objects) relative to authorization (where resources are clearly the first-order objects). My work under the Gold Button flag is an attempt to merge authentication and authorization protocols into the same interoperability badge. Here are two links: https://github.com/w3c/did-use-cases/issues/101 and https://docs.google.com/document/d/1kZ7_Skcn4zb3zOfEu7XZDrYAmLR1T_pbBoSk8AEfrSg/edit#

My question to you and our group is about RS-first vs. AS-first flows and how they might relate to the email-specific problem you are addressing in your paper as it relates to the broader issues of blending messaging with authorization that I describe above.

- Adrian

On Tue, Sep 15, 2020 at 6:00 AM Igor Zboran <izboran@gmail.com> wrote:
Hello UMAnitarians,

I'd like to ask if someone from WG UMA would be interested in participating in the Authorization-Enhanced Mail System proposal. Please see the attached document.
It is an early draft proposal I've been working on for over a month.

Please send your questions, comments and suggestions to the WG-UMA mailing list.


Igor Zboran
WG-UMA mailing list