Draft minutes of UMA telecon 2018-03-01

https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2018-03-01

Minutes

Roll call

Quorum was reached.

Approve minutes

Approve minutes of UMA telecon 2018-02-22 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2018-02-22>: APPROVED.

Report on number of downloads

Downloads of the PDF versions of the Recommendations are on the increase, seemingly because of the press release that was put out.

Call for interest in RS/C open source

Eve is increasingly asked about libraries for RS's and clients.

Gluu's OXD has a lot of language support. Its approach is to have a middleware service, with connectors. They're working on a Kong proxy that acts as an UMA RS. It swaps the contents of the authorization header for an RPT. Mike thinks the barrier to writing UMA client software is pretty high; the same is sort of true for OIDC, as demonstrated by the sheer number of libraries. So maybe with UMA a "clean slate" approach could be taken vs. just making random libraries.

The demand surely seems to be there. Might this be an IIW topic? Who is attending in the spring (Apr 3-5)? Mike, Eve, Sal possible, Thomas hopefully.

Scope expression extension discussion

Mike's email proposal is here <https://groups.google.com/forum/#!topic/kantara-initiative-uma-wg/ESSwRI7B-cA>. The idea is that it wasn't clear whether somebody meant "this scope AND this scope" or "this scope OR this scope" in selecting scopes in a policy-setting interface. He came across JSON Logic, a standard format for expressing Boolean expressions in JSON. There are some GUI tools out there with the ability to take JSON Logic and do something with it. He proposes extending the resource description with a scope_expressions parameter, which adds relationships of the scopes provided in the resource_scopes parameter.

Example: An RS admin configures a /profile path into their API gateway; in order to do a GET on that endpoint, you need either a Customer or Partner scope and must have the 2Factor and FraudOk scopes. This drives resource registration. (The Gluu Gateway, coming out in roughly early April, will be MIT-license open source, but OXD will be a licensed solution, Mike says.)

In FedAuthz Sec 3.1 <https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html#resource-set-desc>, notice that we've been somewhat ambiguous about whether any resource_scopes are required to be supplied: "resource_scopes: REQUIRED. An array of strings..."

Conclusion for now: There's no particular urgency around this. It would be good if Gluu writes up a "clean" extension document that could enable others to interoperate on the basis of this extension parameter and its operating rules. If there ends up being a community of interest around the extension, then that suggests it's worth taking up as a work item in the WG.

Upcoming work

Unless a request for an extension erupts, let's not meet next week.

Note that gathering new security considerations also counts as "enhancing the current specs" for purposes of the fresh roadmap/charter we just hammered out.

Attendees

As of 7 Mar 2017, quorum is 4 of 7. (Domenico, Sal, Andi, Maciej, Eve, Mike, Cigdem)

1. Domenico
2. Sal
3. Andi
4. Maciej
5. Eve
6. Mike
7. Cigdem

Non-voting participants:

- Yuriy
- Thomas

*Eve Maler*
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
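The /profile rule from the scope expression discussion above, as an added example that is not part of the minutes or of Mike's proposal: a resource server evaluates a JSON Logic expression against the scopes carried by an RPT and denies on anything malformed. The JSON shape of scope_expressions, the "scopes" variable name and the function names are assumptions; only the and/or/in/var operators of JSON Logic are accepted.

```python
import json

# Constructed resource description. "scope_expressions" is the extension
# parameter named in the minutes; the JSON shape used here is an assumption.
RESOURCE = json.loads("""
{
  "name": "GET /profile",
  "resource_scopes": ["Customer", "Partner", "2Factor", "FraudOk"],
  "scope_expressions": {"and": [
    {"or": [{"in": ["Customer", {"var": "scopes"}]},
            {"in": ["Partner", {"var": "scopes"}]}]},
    {"in": ["2Factor", {"var": "scopes"}]},
    {"in": ["FraudOk", {"var": "scopes"}]}
  ]}
}
""")


def evaluate(rule, granted, known):
    """Evaluate the and/or/in subset of JSON Logic; reject anything else."""
    if not isinstance(rule, dict) or len(rule) != 1:
        raise ValueError("malformed rule")
    (op, args), = rule.items()
    if op in ("and", "or"):
        if not isinstance(args, list) or not args:
            raise ValueError("empty " + op)
        # Evaluate every branch so a malformed one is never skipped.
        results = [evaluate(a, granted, known) for a in args]
        return all(results) if op == "and" else any(results)
    if op == "in":
        ok = isinstance(args, list) and len(args) == 2 and args[1] == {"var": "scopes"}
        if not ok or args[0] not in known:
            raise ValueError("scope test must name a registered resource scope")
        return args[0] in granted
    raise ValueError("unsupported operator: " + op)


def rs_allows(resource, rpt_scopes):
    """Fail closed: a malformed or unsupported expression denies access."""
    try:
        return evaluate(resource["scope_expressions"], set(rpt_scopes),
                        set(resource["resource_scopes"]))
    except (ValueError, KeyError, TypeError):
        return False
```

A token holding only Customer and Partner is denied here, whereas reading the flat resource_scopes list as "any of these" would have let it through.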

I'll be at IIW and would love to talk about how to drive UMA adoption.

Adrian

--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: https://patientprivacyrights.org/donate-3/

Thanks, Adrian!

*Eve Maler*
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl