Date

2019-04-1118

Status of Minutes

DRAFTApproved

Approved at: <<Insert link to minutes showing approval>> 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

  • Jim Pasquale
  • Andrew Hughes
  • Lisa LeVasseurPaul Knowles
  • Iain Henderson
  • Mark Lizar
  • Lisa LaVasseur
  • Oscar Santolalla
  • Richard Gomer
  • John Wunderlich
  • Mary Hodder

Non-Voting

  • Chris Olsen
  • Jan Lindquist
  • Colin Wallis
  • Pierre Roberge
  • Sneha Ved
  • Tom Jones

Regrets


Quorum Status


Meeting was <<<not>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20

Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Deferred: Status: Wiki refresh work
  • Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
  • Updates from ISO SC 27/ WG 5 meetings in Tel Aviv
    • Consent receipt annex to 29184
    • New 6 month Study Period on consent record and receipt
  • Spec v2 timeline
  • Demo status update
  • Spec v2
  • DIACC Notice and Consent Overview comments
  • Mark: letter to the EC re patent on opt-in
  • AOB


5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

HIGHLIGHTS FROM DIRECTORS CORNER MARCH 2019:

  • Kantara's Trust Framework Operations and Assurance program continues to strengthen with major players signalling their intention to seek 3rd party assessment and approval of their solutions to Kantara's 'NIST 800-63-3 Class of Approval'. To that end it was great to see the Board approve Swedish company Seadot as an accredited assessor. 
  • The last week of the month featured the KNOW Identity conference in Las Vegas, with many Kantarians in attendance, at the podium presenting, on the stage on panels, as well as receiving awards. It was a great event with Kantara helping out our liaison partners ID Pro on the educational session 'Privacy essentials for ID Professionals' and members featuring other members or Kantara reps on their panels.
  • The UMA working group was presenting to the OAuth working group at the IETF 104 meeting in Prague to support its contribution of the UMA 2.0 specifications for formal standardization
  • The ID Proofing and Verification Discussion Group is assembling a strong set of use cases into a report to ISO SC27 Working Group 5 later in March in time for the Study Period's findings in Tel Aviv in April
  • 15 min | Updates from ISO SC 27 meetings | Andrew
    • A synopsis of the consent receipt concept has been added to the draft 29184 Online Notice and Consent standard
    • This is a major success - ISO standards are one of the pillars supporting international trade - they remove 'technical barriers to trade' via WTO conventions
    • The discussion piqued the interest of the ISO WG around the concept of 'consent record and receipt'
    • A new Study Period has started to investigate whether a new standard project should be started to create a Consent Record and Receipt standard (we say 'yes!')
    • Colin and Andrew are the rapporteurs (coordinators) of the study period
      • will collect requirements, environmental scan, draft some text
      • the hope is that at the end of the study period we will be able to propose the start of a new project, possibly starting with draft text
    • IEEE 7012 - 'terms agreements' are likely to mandate that these agreements are documented and available to both parties
    • Cross-membership between Kantara WGs and other consent, privacy and information sharing projects in other organizations should be used to keep loose coordination and information flows
    10
    • USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
    • MyData, Helsinki, September


    15 min | v2 specification timeline | Andrew
    • There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
    • We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
    5 15 min | Demo status update | all | Slow
    • Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
    • digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
    • We need to add a couple of fields to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
    • Status updates from participants:
      • Andrew to connect Richard and Oscar to get working on the API
      • digi.me still making progress


    15 min | DIACC Notice and Consent doc | all

    ** Need a person to be responsible for this activity **

    • Deadline is May 3 for comments

    https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

    defer | Product roadmap for the demo | All
    • Target is EIC May 2019

    Here's the project page for the "Demo v2"

    2019-04-11 call notes:


    Comments (2019-04-04)

    • (jim) digi.me green light
    • (sneha) green light

    2019-03-28 call notes:

    • Ubisecure
      • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
      • Simple flows - a mechanism - for the end-user
      • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

    ======

    Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call


    defer | Specification update approach

    See a flowchart version of this here:

    https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


    2019-03-14 notes:

    • Mark:
      • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
      • building a proposal to split the notice from the 'consent' in the structure
        • (note that this is similar to the digi.me proposal)
    • Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
    5 min | AOB

    Next meeting

    *** Next call 2019-04-18 25 10:30 am Eastern DAYLIGHT Time

    https://global.gotomeeting.com/join/323930725


