Standing agenda for 2019: Work on producing our second legal-business framework report by September, initially focusing the work on use cases that illustrate each of our mappings from business relationships (and changes in those relationships) to UMA technical artifacts.
...
"Legal" topics are currently being covered in a separate legal-business framework meeting series. See the UMA calendar for details.
2019-07-09
Attending: Eve, Lisa, Adrian, Domenico, Andi, Thomas, Tim, Colin (regrets: Cigdem, Nancy)
Eve briefly walked through the paper that she and Lisa have submitted to the IEEE ComSoc CfP. It's called Beyond Consent: A Right-to-Use Licensing Agreement for Mutual Agency. The argument made by the paper is that digital consent and Terms acceptance (perceived as consent) are failing and don't meet a strict definition of consent (Nancy Kim's Consentability framework is used), and using a Me2B lens (centering on the user of the digital services) shows that a licensing agreement is more appropriate. A taxonomy for license agreement contents is proposed, and some challenges are discussed. The paper points to the UMA report where a license is already proposed, but starts "earlier" in the personal data usage chain to be more comprehensive.
What about consent receipts? They record the results of consent. Lisa and Eve meant to cite them in the paper and hope to have a chance to add this.
Adrian discusses a link between DIDs and standards such as UMA; the link is what's called the service endpoint. The DTD standards don't talk about what the service endpoint might be. They're trying to put a personal data store there. Thomas spoke with Microsoft's Ankur Patel (who was with Preeti Rastogi) at Identiverse about the challenge of getting personal data into wallets/personal data stores. There seems to be a lack of recognition of this challenge.
It should be kept in mind that the paper treats personal data permission use cases that go beyond UMA.
Tim recommends removing the "IANAL" disclaimer in the paper! Lisa and Eve have both worked with many lawyers and have sourced ideas from legal experts.
We started to walk through the Right-to-Use License Agreement (Figure 5 in the paper) and analyze which would already be baked into some artifact, such as the RPT, and which might need to be captured separately. For example, the digital asset, grantee (licensee), and actions, would be captured as resource ID, requesting party and client, and scopes. But other information might need to be captured in some other structure, with perhaps a link off to it that is stored in the token. If a requesting party or client received and agreed to such a license, maybe by signing it, the result might be a "receipt". Trunomi has something called a "certificate", which sounds similar, as their consent receipt.
Eve will email a copy of the paper to all interested to review.
2019-06-18
Attending: Eve, Lisa, Thomas
...
- Agreement that turns a service provider into an RSO (wasn't included in business model report)
- Agreement that turns a service (or app) provider into a CO (wasn't included in business model report)
- Agreement that enables a Person to act on behalf of a Data Subject [which puts them into position to act as a Resource Owner -- otherwise RO=DS]
- Agreement(s) that delegates authorization for an ASO to grant access permissions on behalf of an RO (typically Ts & Cs, privacy notice, EULA...)
- Agreement(s) that delegates authorization for an RSO to manage resources on behalf of an RO (typically Ts & Cs, privacy notice, EULA...)
- Agreement that enables a Person to act on behalf of a Requesting Party [which puts them into position to act as a Requesting Party Agent -- otherwise RqPA=RqP]
- Agreement that delegates access seeking to a CO on behalf of a Requesting Party
- Agreement that delegates permission to know and persist personal data to an ASO on behalf of a Requesting Party
Jim H has started on a CmA version of the model.
...
Arrgh, so close! Tim and Eve will try and wrap up all the remaining comments in the doc by Monday and get the e-ballot out.
2018-01-12
Attending: Eve, Colin, Tim
...