Meeting Minutes

(all in one file)

===13 Jan2022===

• attendants: vitor jesus (Unlicensed)  , Salvatore D'Agostino (Unlicensed) , Former user (Deleted) , Črt Ahlin, jim pasquale

• continue the overview of 1st draft receipts field (link TBA)
• reviewed and scoped with group comments CRWeb receipt format  (13jan22 version - crweb-receipt-format-20220113.xlsx)
• vitor jesus (Unlicensed) to create a template JSON of the current iteration of the receipt spec

===06Jan2022===

• to clarify: no meetings on the 23rd and 30th
• attendants: vitor jesus (Unlicensed) , Jan Lindquist (Unlicensed) , Salvatore D'Agostino (Unlicensed), Former user (Deleted) , jim pasquale
• Regrets Former user (Deleted), @crt.ahlin@datafund.io, tadej.fius@datafund.io
• overview of 1st draft receipts field (link TBA)
• reviewed and scoped with group comments CRWeb receipt format  (crweb-receipt-format-20220112.xlsx)

===23 & 30Dec2021===

No meetings over the Christmas New Year Holiday

===16dec2021===

• attendants: vitor jesus (Unlicensed) , Jan Lindquist (Unlicensed) , Salvatore D'Agostino (Unlicensed), Former user (Deleted) , jim pasquale 
• clarifications about roadmap and scope
• admin and housekeeping
• Jan's presentation to DIF: https://youtu.be/Mq4oXEaOTwg
• next week:
  • clarify the status of the group
  • create a working document with fields for the CRWeb Receipts

===9dec2021===

Review CR 1.1

https://github.com/KantaraInitiative/consent-receipt-v-next/issues/13

Consent lifecycle What and How (open item to be fleshed out)

ISO 27560

Datafund work (Jan L.)

https://github.com/decentralised-dataexchange/automated-data-agreements/blob/main/interface-specs/data-agreement-schema/v1/data-agreement-schema.json

https://w3c-ccg.github.io/ld-proofs/

Data Agreement demos from NGI ESSIF-LAB sub-grantees iGrant.io, Gattaca, and the Human Colossus Foundation. These three demos implementations demonstrate how a consent notice (or "data agreement" as it was called in the ESSIF-LAB context) gets signed as a shared record between issuers/verifiers (data controllers) and holders (data subjects). The data agreement sets a clear purpose of usage, what personal data is collected, how long data can be retained, and on what lawful basis it can be processed; both parties keep a record, allowing precise GDPR enforcement and transparency on all sides.  The data agreement was originally based on the Kantara Initiative's Consent Notice, which is now being standardized as a new ISO standard 27560. All DIF members are welcome to the demo to better understand what data agreements are and how it has been implemented using VC technology by the NGI essif-lab participants.  The meeting will be recorded and archived as a meeting of the Claims & Credentials WG.

https://us02web.zoom.us/j/87498640502?pwd=WTN0SVJHSzZtdVFYd3JYT3JadjB1UT09

Friday, 10 December - 4:00 - 4:50pm CET

Tadej Fius speaking of schemas
something like https://docs.microsoft.com/et-ee/uwp/schemas/mobilebroadbandschema/carriercontrolsignatureschema/element-signature

Črt: link to the sample

https://github.com/datafund/dr-editor-sample/tree/master/example_files

Črt: note that there are 3 parts in the https://github.com/datafund/dr-editor-sample/blob/master/example_files/CR_project_config_demo_w_formdata_larger_w_timestamp.json: - schema (from Kantara, basically) - uiSchema: (what is shown on screen, also with Enum options for some fields) - formData: the actual data

further notes:

• attendees - VJ, JL, CA, JP, RG, TF
• consent lifecycle - consensual that it is of interest
  • ISO 27560 - WD4 has the seed of a notion of lifecycle
  • Datafund has work done - https://github.datafund.io/ (Consent receipt suite)
    
    • sampel receipt here: https://github.com/datafund/dr-generator
  • R Gomer - there is also work done - https://github.com/KantaraInitiative/consent-receipt-v-next/issues/13
  • J Lindqist - demo project ADA (NGI eSSIF Labs)- https://github.com/decentralised-dataexchange/automated-data-agreements/blob/main/interface-specs/data-agreement-schema/v1/data-agreement-schema.json
    • potential support from ADA
• CRWeb should support DiDs/VCs (as in ADA), even if not required
  • the technical impact of this is that the receipt should be extensible

Actions:

Consent lifecycle What and How (open item to be fleshed out)

===2dec2021===

• attendees - VJ, TF, SA, CA
• discussion around security and authenticity in receipts
  
  • doc: CRWeb-ToC-20211202.pdf

===25nov2021===

• CRWeb’s specification and companion docs – CRWeb-ToC-20211125.pdf shows an outline
• CRWeb will also deliver a proof-of-concept to demonstrate the concepts. A kick-off proposal for the architecture is in the attachment as well
  • Browser add-on listens to events
  • HTML contains metadata (e.g., Controller info) in JSON-LD
  • JSON-LD contains the name of the html artifact associated with the receipt event
• A discussion on the protocol itself, considering authenticity and accountability: how to authoritatively architect the transactions?
  • Andrew to circulate a doc with ideas
  • VJ’s paper on that: “Web of receipts”:  https://ieeexplore.ieee.org/document/8974193
  • Next week we’ll take some time to advance this particular aspect
• Event id, with provable order, will need nonces, timestamps, UUIDs, versioning, etc.
  • This will further support the notion of a Consent Lifecycle
• Decentralised approaches of high interest to the group – they should be seamlessly supported as a use-case (including to facilitate auditability)
• Receipts should be aligned with what is expected from ISO 27560 (and ideally feed into it)
• VJ to send an early schema of a receipt to get started. CR1.1+datafund extension should be a starting point.

Actions

• VJ to kick-off the schema
• AH to share doc on 5 (?) ways to keep accountable (?) data controllers
• TF to send schema used by DF