Versions Compared

Old Version 133

changes.mady.by.user Eve Maler

Saved on

compared with

New Version 134

changes.mady.by.user Eve Maler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

UMA legal subgroup notes

...

  • Agreement that turns a service provider into an RSO (wasn't included in business model report)
  • Agreement that turns a service (or app) provider into a CO (wasn't included in business model report)
  • Agreement that enables a Person to acts act on behalf of a Data Subject
  • Agreement(s) that delegates authorization for an ASO to grant access permissions on behalf of an RO (typically Ts & Cs, privacy notice, EULA...)
  • Agreement(s) that delegates authorization for an RSO to manage resources on behalf of an RO (typically Ts & Cs, privacy notice, EULA...)
  • Does the PAT simply link to all these previous agreements in order to establish that the RO has agreed to the "licensing of access granting permissions on RO's behalf"? We think so
    • It's possible to profile UMA to require that the basis for PAT issuance is interactive vs. silent – this is something we could consider building in to the agreements above, to ensure that a human RO is given the change to consent in a GDPR-compliant way
    • There should be a way to force interactive user consent again if there is a new version of the agreement available
  • (to be continued next time - licensing of permissions and the requesting party side of the equation)

...

Arrgh, so close! Tim and Eve will try and wrap up all the remaining comments in the doc by Monday and get the e-ballot out.

2018-01-12

Attending: Eve, Colin, Tim

...