Versions Compared

Old Version 19

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version Current

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

3 Use Case types for CRv1.7

(for the Covid Use case example)

  1. Notice and a Notification to the person
    1. title; Short Description (how does it work with existing policy) 
      1. link to use case 
    2. Use Case Flows
      1. Generic - with existing - 
  2. Person using notice to control data recieving a notification to manage consent state  
    1. title; Short Description  (when in consent - how to maintain, revoke renew, ) 
    2. Use Case Flows - link to use case
  3. Person creating sending a Notification to create a consent state - and control the use of data (consent directive)
    1. title: Short Description  : how to use with law (not controller policy) 
      1. person medical data on virus + phone data research into global Covid -Research -
        1. NIST + UMA/HEART
    2. Use Case flows - link to use case 

Context of this use case work

The aim is to get inputs and comments to the specification from key stakeholders for the specification, which are represented in the workgroup.  The approach, is to use a specific example of use for the work product, so that we can all extrapolate to our specific stakeholder use cases.  If we choose to continue, after this is drafted, the use case inputs can be worked on in a future work project once this project is finished in July. 

...

This work is unique in Kantara, as its a spec for non-identity technology, which can be used to provide notice and consent scopes too identity protocols. 

Draft - Instructions for Use Case Work and flow for spec dev: 

  • Describe first use case 
    • capture participants use cases the are relative and list below
    • detail the first use case
  • Release first section of spec 
  • Describe use case 2 
    • capture use case inputs 
    • detail use case 
  • Release the control vacabulary part of the spec 
    • take comments on this from the group 
  • Describe Use Case 3
    • capture use case inputs
    • detail use case
  • Review Comments
  •  Appendix
    • apply appendix to use cases
  • Call for Comments 
  • Finish Draft

Use Case Inputs 

  • List use cases/descriptions - 
  • Use Case Requirements 
  • Use Case Flows
    • Provide use case flows for Frameworks 
    • Provide use case flow for
  • Frameworks for use cases
    • DIACC
      • PCTF - Notice & Consent Framework 
    • NIST -
      • Security and Privacy Controls for Information Systems and Organizations 800-53v5
    • EU framework for GDPR
      • Hypothetical - MyData Operator framework via aNew Gov