/
2023-04-12 Meeting notes

2023-04-12 Meeting notes

Approved

Date

Apr 12, 2023

Attendees

See the Participant roster

Voting (6 of 10 required for quorum)

Participant

Attending

Participant

Attending

1

Aronson, Marc

Yes

2

Chaudhury, Atef / Krishnaraj, Venkat

Yes

3

Davis, Peter

 

4

Dowtin, Jazzmine

 

5

D'Agostino, Salvatore

 

6

Hodges, Gail

 

7

Jones, Thomas

 

8

Thoma, Andreas

Yes

9

Wunderlich, John

Yes

10

Williams, Christopher

Yes

Non-Voting

Participant

Attending

Participant

Attending

1

Auld, Lorrayne

 

2

Balfanz, Dirk

 

3

Brudnicki, David

 

4

Dutta, Tim

 

5

Flanagan, Heather

Yes

6

Fleenor, Judith

 

7

Glasscock, Amy

 

8

Gropper, Adrian

 

9

Hughes, Andrew

 

10

Jordaan, Loffie

Yes

11

LeVasseur, Lisa

 

12

Lopez, Cristina Timon

 

13

Snell, Oliver

 

14

Stowell, Therese

 

15

Tamanini, Greg

 

16

Vachino, Maria

 

17

Whysel, Noreen

 

Goals

  • Check-in on work progress

  • Review draft outline and status of writing tasks

Discussion items (AKA Agenda)

Time

Item

Who

Notes

Time

Item

Who

Notes

5 min.

  • Start the meeting.

  • Call to order.

  • Approve minute

  • Approve agenda

@John Wunderlich 

Called to order: 13:04 ET

Quorum reached: No

Minutes to approve:

2023-04-05 Meeting notes

0 min.

Open Tasks Review

All

 

45 min.

Draft Report

@John Wunderlich

Suggestion: Add a few 3-hour sessions to provide focused times to make progress on the docs. Will aim for something next week during/around IIW. Check email for details.

Reviewing “Purpose Limitation” (Information for Verifiers) in the Draft report: Google doc

  • Changes accepted

Data minimization

  • need to minimize retention, and you need to collect only what you need. Suggest we delete the note.

Accuracy and Quality

  • if somebody presents a fake or stolen ID, then with a physical ID, it may be confiscated. Need to reconsider that as any invalidation of the credential by the Verifier is problematic (what if they get it wrong?). Should we refer to stolen or copied? Depends on the threat model.

    • consensus achieved on the text

Openness and Transparency

  • changing to just “sensitive data” (noting that Sensitive Data is a term of art in GDPR). What would qualify as “sensitive” on a driver’s license? Examples include: Organ donor, veteran status.

    • It would be helpful to define explicitly. Add to the Terminology table.

  • concern regarding the phrase “written notice”. Need to clarify the use case. We discussed on the last call the difference (and importance) between implied and explicit notice.

Information for Providers

  • Question re: Providers that may act as Verifiers

    • there is some data collection that occurs to provide a service. If there are additional functionalities on that, then the notion that it is a verifier seems to make sense. Group needs to think on this and come back to it. If the provider then adds information back to the credential (or offers a new credential with additional information as relevant to their service) they fall under the requirements of an issuer.

    • The provisioning process from the issuer provisions the mobile credential with info that the provider did not previously have (e.g., the certification of a name instead of just the name). In the provisioning process, the provider receives the credential info, which should be subject to the same protections as is the case when the holder providers that information to the verifier.

      • DMVs are sensitive to providers using credential data without explicit agreement from the holder. If the provider wants to use the info coming from the credential, it should be seen as a transaction between the holder and verifier and subject to the same protections.

      • Part of the challenge is that an organization behind a Provider may have more than one role. The provider will always be the provider. If the parent organization wants to act as a verifier, that’s separate from their responsibilities as a provider.

      • To the extent that an organization wants to act as a Provider and asks the Holder to share that information with them for additional purposes, then they are acting as a Verifier.

      • Consider adding something at the top: The trust triangle in this diagram presumes everything has been issued and is focused on the privacy protections at the point where the credential is presented by the holder to the verifier. These role scan mix and match depending on where they are in the data flows.

        • Calling that out that a single organization may take on multiple roles, but each role has specific privacy considerations that must be considered per role.

    • During the provisioning process, the providers and issuers are performing their roles as providers and issuers. There is a set of requirements around provisioning specific to providers and issuers. Example: providers are primarily facilitators during provisioning; it’s a fairly clear and simple role at this moment in the process. Worth noting that the credential doesn’t exist until it’s provisioned, so it’s a grey area for PEMC

Pick up at provisioning and Information for Providers on next meeting.

5 min.

Other Business



IIW Planning - note that IIW and the OIDF Workshop are next week. Will discuss on email if/how/when to meet during the week.

 

Adjourn



 

Next meeting

Apr 19, 2023

Action items