...

  • Review Digital Contracts event
    • DG
    • CommonAccord directions
    • Legal POC appetite
    • ...
  • IDE directions
  • Model definitions: next steps

Attending: Eve, John W, Adrian, Ann, Jon N (Andrew regrets)

We were a bit dubious about today's call working out, given the continuing crazy conference etc. schedule for everyone. It's a small group today.

Adrian is on the FHIR group, along with Kathleen. The conversation around "policies on the wire" is very live at that table. The motivation to source policies from multiple places in the FHIR conversation seems to be internal to a single domain.

Given our capturing of notes last week, we'd like to write a short document for a nontechnical, legally inclined, even regulatorily inclined audience. John has stuck his hand up to outline such a doc, and he and Eve can review the results together at Privacy@Scale (run by FB) next Tuesday. (Microsoft is running a similar event the next day(s), NIST is running a Named Data Networking event on May 31-Jun 1, and there's a Health Privacy Summit at Georgetown Law June 7-8, which will be streamed.)

Looking at it from a business/strategic point of view, the benefits are that it is privacy-preserving (because no authorization/permission policy transmission is needed, and the AS is not a data controller) and individual/patient/consumer/citizen-centric (because the AS exists to enable that party's wishes, as their "agent" in some fashion). Looking at it from a legal point of view, we are working on a system of model text to protect the interests of all the parties engaging with each other.

(As we said last week, if an institution running that domain wants to federate policies in some fashion a la the methods that XACML makes available, they're free to, behind the "UMA façade" of the standardized APIs of the AS. If it turns out to be valuable to develop a companion technical paper that answers questions that technical people have about the architecture that supports our contentions, we could write that afterwards.)

It seems like we really need a proper use case document now too, identifying why and how the parties might be equivalent or not equivalent (note that in UC4, "offline Alice/gov agency", the Grantor happens to be the ASO, but in UC1-3, it's not). We need more use cases showing how the Grantor could equal the Grantee, how the Grantee could differ from the human end user who is acting on behalf of the Grantee (like Dr. Bob working for the hospital that wants access), etc. Once we have a full, non-repeating set of use cases, we'll know we're close to being done with the model term definitions. (smile) Eve's interested to coauthor; John W's tentatively interested to coauthor; Jon N's interested to review.

There's a new Kantara Blockchain and Smart Contracts Discussion Group – feel free to join!

Note that the actual original EU Model Clauses are under threat. But we seem to be happy with the lowercase phrase for our work, still.

We should have a CHEDDAR rundown on a future call.

...