2022-02-09 Meeting notes

APPROVED


Date

Attendees

See the Participant roster

Voting (4 of 7 required for quorum)

#ParticipantAttending
1Davis, PeterN
2Hodges, GailY
3Hughes, AndrewY
4Jones, ThomasY
5Thoma, AndreasY
6Williams, ChristopherY
7Wunderlich, JohnY

Non-Voting

#ParticipantAttending
1Aronson, Marc
2Brudnicki, David
3Dutta, Tim
4Fleenor, Judith
5Gropper, Adrian
6Jordaan, Loffie
7LeVasseur, Lisa
8Snell, Oliver
9Stowell, Therese
10Tamanini, Greg
11Whysel, Noreen

Other attendees

Goals

  • Check-in on work progress
  • Create work packages
  • Use cases discussion
  • Review draft outline and assign writing tasks
  • Discuss meaning of "privacy-enhancing"

Discussion items

TimeItemWhoNotes

Call to Order

If quorum:

  • Approve agenda
  • Approve minutes
  • Quorum Achieved
  • Meeting called to order 13:05 ET
10 min.Actions or issues from prior meetings


no action

40 min.Report content discussion & reviewAll

Work packages

  • Create candidate/straw-person text for "information/expectations for verifiers"; "information/expectations for issuers"; "information/expectations for providers" sections (guidance to audiences about what to expect from the Requirements documents - what the requirements are intended to achieve)
    • "Persons" will also have expectations of verifier/issuer/provider behaviour - that will be reflected in the Requirements 
    • Describe what "privacy-enhancing" means from the point of view of each of the 3 target audiences
    • The material provided by Loffie is probably a good starting point for Issuers
    • e.g. Alice (holder) would like to know that Bob (verifier) will respect her privacy during and after the personal data interaction. 
  • Discussion - which entity should be displaying the trust mark? The software provider? The Venue? The Certifier? all are possible and would have different meanings to the Person
  • A single interaction can involve more than one "Relying Party" that potentially receives data

Privacy-enhancing:

  • Sense of comfort that the credential holder has that their privacy is respected throughout the credential ecosystem
  • Should include the sense of "better than status quo"

The Presentation document:

  • Must be careful to avoid overburdening the Person with too many approvals or overloads

Potential work items:

  • RP registration topic
  • Creating "bundles" of data (purposes) for different use cases
  • Creating legal liability for RPs that they will honour their promises on how they will handle data according to the principles, some of which may exceed obligations for regulatory compliance, especially for unregulated use cases
5 min.Adjourn
14h ET

Next meeting

 


Action items