Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

2018-05-0230

Status of Minutes

...

...

titleRemove this box when creating meeting notes

...


DRAFT

...

DRAFT

Approved at: <<Insert link to minutes showing approval>> DRAFT 2018-06-13 Meeting notes

Agenda

  1. Call to order
    1. Roll Call & Determination of quorum status
    2. Agenda bashing
    3. Kantara Organization updates 
  2. WG Motions
    1. Motion to approve << links to meeting notes needing approval >>
    Presentation/Demo 
    1. Mircea Patachi - UNLOQ
    2. Ken Klingenstein - Consent-Informed Attribute Releaseapprove DRAFT 2018-04-04 Meeting notes and DRAFT 2018-05-02 Meeting notes
  3. Discussion of initial Table of Contents - Corné
  4. Upcoming conferences and events
  5. All Other Business (AOB)
  6. Adjourn

...

  •  Corné van Rooij, Andrew Hughes, Jim Pasquale, John Wunderlich

Non-Voting

  •  Ken Klingenstein, Marlena Erdos, Jaap Franke, Joss Langford, David Turner, Mircea Patachi Chris Olsen, David Turner, Ken Klingenstein, Colin Wallis, Chris Olsen

Regrets

  •  



Quorum Status


Meeting was <<>> quorate


Voting participants

Participant roster (CMS) - Quorum is 4 of 6 as of 2018-04-02

...

Time

Item

Who

Notes

5 min
  • Call to order
  • Roll call
  • Agenda bashing
  • Organization updates
Chair



5 minWG Motions
Quorum required 		Chair

Meeting was not quorate at the time of motion-making - deferred

Motion to approve DRAFT 2018-04-04 Meeting notes and DRAFT 2018-05-02 Meeting notes

Moved by:

Seconded:

Result:


5 min

Introductions

All

Mircea Patachi - UNLOQ - working on consent / data privacy platform

Ken Klingenstein - Internet2 - open source consent management platform - developers from Duke University

Marlena Erdos - Lead Architect

Chris Olsen - Walt Disney - IAM Pro


15 min

Presentation/Demo - UNLOQ

Mircea Patachi

Clym - product

  • building a fit-for-purpose cookie consent tool
  • Target market - SME - a quick way to become minimally compliant for cookie management/consent
    • Feature: Consent transferability between partners
    • NOTE: this might be a good candidate to add to the myData interop demo
20 minPresentation/Demo - Consent-Informed Attribute ReleaseKen Klingenstein
  • Consent as a Service
  • Wants group to discuss 'special categories of data' - how to deal with this - e.g. obfuscation on UI
  • "Manage the cognitive load" - lots of UI research on this to make this manageable
    • Use of colors, language, etc
  • Demo uses the Duke IdP
  • Q: Is there a way to discover the "purpose for processing" on the policy management screen? A: working on adding Purposes now. IDP will need to record the basis for release, but not necessary to present to user all the time. A: The user does see a description - it's not named 'purpose'.
  • Trustmarks will be added into the UI - there are operational trustmarks now
  • Q: Does CAR adjust the attributes in the SAML assertion on the fly? A: yes - "Information Items" (scopes and claims) are adjusted (based on IDP and RP requirements) and shown to the user as appropriate
  • Note: much of this can be shown as Notification instead of Consent if consent is not the justification
  • Q: How are the API offerings? A: APIs are open for the Policy aspects - rich set available.
    • Q: Have you seen data retention and consent policies yet? A: Not yet - would be good to see new use cases.Interview style to collect information    		Corné
    • Corné introduced the idea of using interviews to collect practices from organizations
      • Use several viewpoints: Consumer (UI/UX); data controller (lifecycle, system interactions, auditability)
    • There will be an interaction diagram to help structure the discussions
    30 minDiscussion on document draftingCorné

    The draft is in a Google doc - feel free to comment - Chairs and Editor will control acceptance of material.

    • Ken suggests prioritizing topics that are not well defined - 
      • e.g. the Facebook/Google coarse grained authorization/consent - it is not fine-grained
      • gathering informed content that makes for effective decisions
      • explaining the minimum attribute set that is required for application function
    • The origins of the document and target audience has been for small-medium enterprises - to help them with a 'known-good' set of practices to follow
    • Also, should change the name to 'Common Practices'
    5 minUpcoming conferences and eventsAndrew

    Events that Kantara will have an active role: https://kantarainitiative.org/events/

    5 minAOBChair
    • myData conference Helsinki - the proposal to the Interoperability track has been accepted - contact Jim at digi.me to get in on the demo
    • Jim notes: 
      • MEF has replied and is setting up a call to discuss some kind of cross-participation
      • IAPP is willing to post new articles on their best practices blog
    • Corné is discussing with KNAB, Roche, DFDS to ask them to present here
    • Jim
      • Personal Data Trade Association - NY/USA based non-profit - did a 2017 'Personal data week'
      • Propose to do a hackathon in September at their Personal data week
      • Cornell has a degree program with projects backed by venture capital - this might be a catalyst for adoption

    		AdjournChair

    Next WG meeting Wednesday, May 16June 13, 2018 10:00 Eastern Daylight Time / 15:00 BST

    ...