John asked whether a 'single author' vs 'many authors' approach is preferred - 'single author' seems more likely
The idea is 5-ish pages for main body of the report, plus detailed material in annexes / user stories
The guidance is for data custodians about the things they should be doing in order for people to trust them to do the right things
Can be informed by NIST Privacy Engineering and various GDPR-related materials
John Wunderlich to Add the section headings into the Content pages in the wiki
Use Word documents or markdown files and post them into the wiki
Note that this Implementors Report is intended to be deliverable of the WG - it defines the framework within which the detailed Recommendation documents will fit
Each of the Implementor's Guidance sub-clauses should have around 3 requirements to start
then additional Recommendation documents will contain additional detailed requirements
Note: Biometric pre-check use case is getting attention - we need to find a better name that avoids the brand name "Pre-check" to avoid confusion
Note: the use case is so that the person knows (in advance) what credentials they will need in order to get through the check point successfully. This is where the person shares their biometric data and additional attribute data (and is verified) before they show up at the check point.
This use case covers the 'automated boarding gate which uses biometric matching to authenticate the passenger at boarding time'
Note: there might be national security or legislation that overrides general personal information protections - we must focus on the everyday policy decisions, not the high security decisions
The purpose of the credential usage is the critical factor - clearly defined and well explained purpose text enables the rest of the requirements
Discussion about timing of requirements and the supporting assessment criteria
Because this is needed now - the WG should consider how the assessment criterial can be developed in parallel