Asking #wideeco "solution champions" to prepare to present their ideas at upcoming WG calls

Hi all--

The agenda for our call yesterday tried to summarize what I think is the most up-to-date list of ideas I've heard so far:

- Examining solutions for wide ecosystem challenges (Eve's challenge analysis doc <https://docs.google.com/document/d/1lJXDFzlq8j-m0f8mELjqYcX6PPcYSjOuxiGHzwU7dDE/edit?usp=sharing>) – look at:
  - UMA-protected UserInfo? (various) *[Mike]*
  - Different patterns of Alice's AS and RS's accepting and providing federated logins? (Adrian)
  - "Multi-party" proposal? (Justin) (engages with #APIsec and #simplify use case buckets too) *[also #IoT as discussed on Thursday]*
  - AS requests claims and client does act_as Bob to send them? (Mike, James)
  - Alice's AS dynamically gets client credentials to Bob's claim sources? (various) *[Eve]*
  - Meta-suggestion: Should trust elevation methods be modularized? (James)
  - Others?

Can the people identified above please take action items to present at upcoming calls? If you're not clear on what this is about, or if you can't do this action, please let me know. Thanks!

And remember, we've got some upcoming "holes" in our Q2 WG meeting schedule. I've just deleted some of our Thursday meetings (Fridays haven't been impacted yet), with possibly a couple more to come. We've got some exciting work coming up, so let's try to press ahead with offline prep such as this.

*Eve Maler*
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

I've also done a little bit of suggested reordering of the roadmap <http://kantarainitiative.org/confluence/display/uma/UMA+Roadmap+for+2016> priorities to account for the appearance of so many use case buckets in the first bullet in the list, and other realities; please see what you think. Essentially, we can't really consider Justin's proposals for #wideeco without also considering their #simplify impact, and some of their #IoT impact, but some other #IoT analysis will have to wait a bit longer. Also, we don't have any #security work on our docket at the moment, but more could arise at any time, and there's some constant legal-subgroup work being done. Etc.

Oh, and I've put the named people who I hope will take on action items directly on the cc list this time, to draw their attention to my request.

Happy Friday! :-)

*Eve Maler*
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

AI for discussion: Different patterns of Alice's AS and RS's accepting and providing federated logins? (Adrian)

I would like to champion a #wideeco solution called "A Lock to Alice's Shared Door" as follows:

- The RS is an IoT lock on the shared door of a multi-unit condo.
- The lock has to work even if disconnected from the internet.
- Alice has her own AS in her own condo.
- Alice has to be able to unlock the shared door even if disconnected from the internet.
- Alice carries a smartphone that can connect to the RS and AS locally and via the internet.
- Bob is a guest that wants to access the shared door based on Alice's AS policies.
- Bob carries a smartphone that can connect to the RS and AS locally and via the internet.
- The shared door RS and Alice's AS are each built on standard commodities that include a typical secure element.
  - e.g.: https://www.arduino.cc/en/Main/ArduinoMKR1000 including http://www.atmel.com/products/security-ics/cryptoauthentication/ecc-256.aspx
- Bob can present claims to Alice's AS:
  1. by referencing a personal certificate previously stored in the AS (e.g.: using PGP, a FIDO key, or equivalent)
  2. by contacting Alice out-of-band for a one-time credential into her AS
  3. by authenticating to the RS (assuming the RS has been configured as an IdP and is trusted by the AS)
  4. by authenticating to an IdP (assuming the internet is working and the IdP is trusted by the AS)
  5. by authenticating to a blockchain persona like https://medium.com/@ConsenSys/uport-the-wallet-is-the-new-browser-b133a83fe7... this could involve a camera and face recognition as in http://www.planetbiometrics.com/article-details/i/4238/desc/google-trialling...
  6. by following a claims gathering process directed by Alice's AS

I believe these 6 are the only distinct categories and I would hope that Alice's AS supports all of them if Alice is willing to take the time to configure them. Within each category, there will be various user experiences depending on what kind of technology Bob has in his pocket.

Adrian
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/

Adrian, so far this looks like a use case (and an interesting IoT use case at that) -- but not quite a solution description, in that we don't know if it actually resolves #wideeco problems we've identified. E.g., the mechanism of providing claims works great in narrow and medium ecosystems already, but it seems to break down in wide ecosystems for various reasons.

Can you please start a new thread, and also be sure to describe which challenges in the challenge analysis document (and/or any other new challenges not previously discussed) your solution purports to solve? It's perhaps also worth noting that there are smart door locks and doorbell products on the market, if not ones with UMA capabilities; can we learn from what they do now?

(We'll probably want a new thread per solution area.)

*Eve Maler*
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl