Date
2018-07-1926
Status of Minutes
DRAFT
Approved at: <<Insert link to minutes showing approval>>
Attendees
Voting
- Andrew Hughes
- Oscar Santolalla
- Jim Pasquale
- Mark Lizar
- John WunderlichRichard Gomer
Non-Voting
- David Turner
- Chris Cooper
- Bev Corwin
- Sylvester Mbagwu
- Sal D'AgostinoClaire Denton
- Marvin van Wingerde (iQualitiy)
- Joss Langford
- Colin Wallis
- Tom Jones
Regrets
- Chris Cooper
- Richard GomerOscar Santolalla
- Kartik Venkatesh
- Jim Pasquale
Quorum Status
Meeting was <<>> quorate
Voting participants
...
Time | Item | Who | Notes |
|---|
| 4 mins | | | - Dev Team status
- Sequence diagram and roles status
- Storyboard status
- Stage narrative status
- Team issues and show stoppers
|
| 5 min | | All | Please review these blogs offline for current status on Kantara and all the DG/WG: There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation. Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW) - Are there specific cross-group items you'd like to propose to work on?
|
| 40 min | Interoperable Consent Receipt demo at MyData Conference | All | 1) Dev team status Google drive folder for export/import of consent receipts - digi.me
- new internal release v2.2 is available this week
- some enhancements to Consent Access functions - some export functions
- created field mapping versus specification - spreadsheet has been available for a few weeks
- has new spreadsheet with updated JSON file info - has sent to David and Andrew for pre-review
- digi.me has drafted a 'vendor extension' - proposal for new objects to be added to the spec
- digi.me is done
- Consentua
- Service is ready to go - just need to create a format for the CR spec - a configuration change, not a code change
- work planned to start next week - planning session - will have more status on Monday
- Ubisecure
- Minimal prototype - no CR in product
- They will use the CR generator to create a sample app - a bookshop
- CR will be downloadable
- OpenConsent
- underway to create a Viewer plus Viewer API
- scheduling estimates underway - target is to demo this at the interop demo
- Trunomi (via Andrew)
- currently in their 2-week dev sprint - will have code after next week
- Telus
- Resource and scheduling estimates for creating an external CR for an existing app
| 2) Sequence diagram and roles status - Any questions?
- No other comments
| 3) Storyboard status - Mark talked with Joss - planning to make the COEL CR repo available
- No other comments
| 4) Stage narrative status - Starting work on this now
| 5) Team Issues and showstoppers discussion | AOB | - Colin - UK ICO grant funding proposal call is open now - Ubisecure, AdUnity interested in this
- Colin was on the bidders call earlier this week
https://ico.org.uk/about-the-ico/what-we-do/grants-programme-2018/ I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit. The possible research topic and solution might be:
- purposes categories and examples for one or more industry verticals
- use of consent receipts to inform data subjects of their ongoing rights
- surveys of opinions of use of consent as a justification for data processing
- research into standardization of consent management (including market surveys to document current practices) Submission deadline is August 17.
| Next meeting | 2018-07-26 same time, same number GOAL IS TO HAVE ALL DEMO PARTICIPANTS JOIN THE CALL TO WORK OUT ANY MAJOR ISSUES |
...
- Consentua
- Developers have promised CR output Week of August 6-10 - we will be looking for the output in the shared google folder
- Ubisecure
- OpenConsent
- Viewer has been started - looking to get receipts from others
- Target is August 15 to be able to display CRs
- Open call to suggest features for OC to include - provide them this week if possible
- Trunomi
- currently in their 2-week dev sprint - target completion week of August 6-10
- clym
- Telus
- Resource and scheduling estimates for creating an external CR for an existing app
|
|
|
| 2) Sequence diagram and roles status - Any questions?
- No other comments
|
|
|
| 3) Storyboard status - OpenConsent is looking at how to make a pseudonymous CR repo available (but not for this demo project)
- Classification Of Everyday Living (COEL) Specification (OASIS) - incudes references to the CR Spec. Allows for standardized encoding of personal 'events' in a person's life - including consents. In this instance, this means that there is a centralized-architecture repository that could be used to store consents. Right now it is for 'research purposes' - Joss is looking into how to make this available for 'commercial purposes'.
- No other comments
|
|
|
| 4) Stage narrative status - Starting work on this now
|
|
|
| 5) Team Issues and showstoppers discussion |
| AOB |
| - Q: in the spec, Services is described as a 'business service'. But these days, companies are describing this as a 'category of business purposes'.
- A: 'Service' is the name and description of the service - an unspecified field - mainly for humans
- A: 'Purpose category' is to describe the business service purposes
- A: If there is a Service with the same Purposes and the same Data as anonther Service, then they are indistinguishable.
- Q: How are we envisioning asking the 'do you consent to this' question?
- A: The Notice part of the flows have not been worked out yet in this group, deliberately.
- Q: Have we decided on what format/location/interface will be recommended for the 'exported' CRs?
- A: Right now, it's files in the Downloads folder (or a user-selected folder) - the 'real' discussion about this will be deferred until after the demo in August.
- Q: How does COEL spec relate to the IETF secevent RFC?
- mydata session - Joss
- OneTrust, Nixu, JLINC, Kantara
- Andrew asked for 20 minutes for the demo
- Joss suggests that the Kantara demo goes last then transitions to Q&A for all
- Q: Are there special provisions needed on the mydata web site to help people interact with the demo?
- Need to focus the mydata demo presentation to trigger 'delivery' and action instead of 'interest'
- Colin - UK ICO grant funding proposal call is open now - Ubisecure, AdUnity interested in this
- Colin was on the bidders call earlier this week
https://ico.org.uk/about-the-ico/what-we-do/grants-programme-2018/ I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit. The possible research topic and solution might be:
- purposes categories and examples for one or more industry verticals
- use of consent receipts to inform data subjects of their ongoing rights
- surveys of opinions of use of consent as a justification for data processing
- research into standardization of consent management (including market surveys to document current practices) Submission deadline is August 17.
|
| Next meeting |
| 2018-08-02 same time, same number GOAL IS TO HAVE ALL DEMO PARTICIPANTS JOIN THE CALL TO WORK OUT ANY MAJOR ISSUES |
From 2018-07-26 call:
- digi.me
- new internal release v2.2 is available this week
- some enhancements to Consent Access functions - some export functions
- created field mapping versus specification - spreadsheet has been available for a few weeks
- has new spreadsheet with updated JSON file info - has sent to David and Andrew for pre-review
- digi.me has drafted a 'vendor extension' - proposal for new objects to be added to the spec
- digi.me is done
- Consentua
- Service is ready to go - just need to create a format for the CR spec - a configuration change, not a code change
- work planned to start next week - planning session - will have more status on Monday
- Ubisecure
- Minimal prototype - no CR in product
- They will use the CR generator to create a sample app - a bookshop
- CR will be downloadable
- OpenConsent
- underway to create a Viewer plus Viewer API
- scheduling estimates underway - target is to demo this at the interop demo
- Trunomi (via Andrew)
- currently in their 2-week dev sprint - will have code after next week
- Telus
- Resource and scheduling estimates for creating an external CR for an existing app
From 2018-07-12 call:
1) Story board discussion - Richard
...
- Richard - the 'Export' consent receipt might be too disruptive to the user - maybe
- John Krogulski - what data formats? A: It's set out in the specification
- Mark - should we be using JWT for transfers?
- A: This might be a complexity that we should incorporate in later interops
- A: This is a complexity versus future-proofing question... ANDREW to ask the list/implementers
- ACTION: All to post comments to the wiki page about the sequence diagram, questions, clarifications etc.
- Storyboard
- Ready to draft a user story - aiming for delivery on next call
- Tom - there are prior activities that are not showing on the sequence - the Data Subject has to be identified to the Controller and Platform including any consents
- Mark - the "initial consent flow" - the sequence is not showing the bootstrapping sequence - the sequence is showing the ongoing interactions
- ACTION: Andrew to annotate with prerequistes and assumptions of user already being set up
- Richard
- ACTION: to document the technical flows of Consentua in the context of the interop demo sequence
- Sylvester's Action item:
Receipt Reader
A receipt reader is an application that parses (reads) consent receipts automatically. A reader only handles consent receipts in it's machine readable format and is a component of some automatic process.
Receipt Viewer
A receipt viewer is an application that a human uses to interpret the contents of a consent receipt. An application can only be considered a receipt viewer if it presents receipt data in a human readable form.
Receipt Dashboard
A receipt dashboard is an app used by humans to store and manage consent receipts. A user can use their dashboard to perform batch operations on multiple receipts at a time.
...