40 minutes | Report content discussion & review | All | - reviewed the terms and definitions pages
- reviewed the front matter draft in Dropbox
- reviewed the PEMC templates
- Next step: brainstorm/come up with a TOC for the Implementer's Guidance document
- Audience: Architects/designers, developers, organization policy setters, standards organizations
- Scope of this WG concerns:
- 18013-5 is transactional and relies on implied consent - that is insufficient, which is why this WG exists
- This provides no assurances to the individual that the entities/actors operating or providing the systems and the operating organizations should or can be trusted to provide privacy protective/respecting services.
- The individual should be able to reasonably assume (especially if the organization is certified as conforming to the specifications) that the organizations are 'doing what they should be doing'.
- Specify a set of principles for mobile credentials and associated data
- Define expectations on the organizations and suppliers regarding their mobile credential-related products, mobile credential-related services and use of those products and services
- Need to be cautious to avoid trying to cover all of data protection and information management
- Organizations are expected to operate their own privacy program - this WG will give them material to address mobile credentials - this WG will not define their privacy program generally
- Should document the foundation principles up front and put them in the Implementer's Guidance so that readers of any of the documents start from the same understanding
- QQ: Is credentials/presentation aggregation in scope?
|