  • Roll
  • IPR
  • Minutes Approval
  • Agenda Approval
  • Intros
  • Agenda Items Discussion
    • Actions pending
    • Actions new
  • Updates from the consent community
  • AOB


Roll call

Quorum or Nonquorum: yes


Voting

  • Jan Lindquist
  • Vitor Jesus
  • Mark Lizar
  • Salvatore D'Agostino


Non-voting

yy--

Participant Roster



IPR Policy Announcement

Approve Minutes 

ANCR WG 20210317

Moved, outcome 

Intros

Community Input

Actions

  1. Review of receipt fields. Everyone should review the spreadsheet, which is in the files folder
    1. https://kantarainitiative.org/confluence/display/WA/File+lists
    2. Editable spreadsheet for review: https://docs.google.com/spreadsheets/d/1rxF6yym3CGUgtt-AWbrShpazULkSGj9TH1hPxzaF9h8/edit?usp=sharing 
  2. Narrative
    1. Mark's Update
      1. Contribution from last week sets baseline.
    2. Blog Post
      1. Initial brief post up
  3. Delta 1.1 (discussion on the call, and work on the above field spreadsheet, as per below)
    1. The list of fields from last week is a very mature contribution
      1. GDPR Extension
        1. Published Notice Paper (Mark and Harsh)
      2. ISO related contributions
        1. Update with Data Privacy Vocabulary
      3. Pursuit of Legal 
    2. Combine this with 1.1.
    3. Any other contributions.
      1. Child as data subject bias because of requirements and high risk.
        1. Data subject is not capable of an assessment or authorization of data release,
        2. Example of delegation with the Principal (inactive, incapable)
        3. How to record vs. how to collect/enact (implicit consent by delegation).
      2. FHIR ontology into DPV, examples of delegate roles
      3. Delegation of Notice and Consent for Identity service vs. by the identity services
      4. Transborder flow specific fields (extended discussion)
        1. What an individual needs to do to cross any jurisdiction
        2. Not just nation state boundary
        3. Jurisdictional relationships and nesting.
        4. Two fields for now as optional
        5. Example of expiration of privacy shield
      5. Drives simplified user experience and leaves behind an artifact useful to both subject and controller.
      6. Privacy Nutrition at Apple vs. simply Nutrition Label → historically static, next gen is active ← back to the WG future...
      7. Attached to substrate of federation protocol
        1. DID is subject of relying party
        2. W3C uri schemes
        3. Side effect of UMA AS. (assumes presence of user in the flow, can perhaps address that in user not present use cases)
        4. Protocol binding as pointer, binds privacy controller to others
        5. Purpose driven, adds scope to receipt in binding, consent binding to authorization token.
          1. Resource
          2. Scope
          3. Audit
            1. Code of conduct
            2. Technical implementation
              1. protocol
              2. privacy considerations
              3. security considerations
    4. Discussion of Consent ID
  4. Open issues
  5. Admin Workflow and Resources
  6. Formalize work plan
    1. Expand group participation, open to all
    2. Presentations from abcd to wxyz
  7. ISO input
    1. ....
  8. Use Cases
    1. Airside (Peter)
    2. Immunity Passports
    3. PaECG

Small, bite size chunks of delta, start with structure of core receipt.

Header is the notice component w/controller identity

Legal justification then further field descriptions

Consent notice receipt is the base max schema, which sets consideration for 1.2

.....then extensible: receipt type, interest notice, contract notice....

(draft)

End of March informal freeze specification and fields, also determine areas for later work, not included in current specification publication.

Early-Mid April (draft for ISO consideration during next comment period)

End of April draft for circulation 

End of May consolidate comments

End of June publication

Need to coordinate (and determine) ISO 27560 comments and drafts schedule with that of the workgroup.



Minutes

  • work in ToIP - use cases and implications on the definition of consent and usefulness of receipts
  • opportunity to contribute to IETF GNAP - consent management with receipts when delegating
  • rather academic discussion about what "delegation" and "trusted party" means


Actions

  • review receipt fields uploaded and test them against
    • transborder requirements
    • delegation
    • does it support outsourced receipts ("store")
    • is legally covering GDPR and other potential laws/acts/regulations
    • can we compare receipts for active state