2022-01-12 Meeting notes

APPROVED

Date

12 Jan 2022

Attendees

Voting (4 of 7 required for quorum)

#	Participant	Attending
1	Davis, Peter	Y
2	Hodges, Gail	Y
3	Hughes, Andrew	Y
4	Jones, Thomas	Y
5	Thoma, Andreas	Y
6	Williams, Christopher	Y
7	Wunderlich, John	Y

Non-Voting

#	Participant	Attending
1	Aronson, Marc	Y
2	Brudnicki, David
3	Dutta, Tim
4	Fleenor, Judith
5	Gropper, Adrian
6	Jordaan, Loffie	Y
7	LeVasseur, Lisa
8	Snell, Oliver
9	Stowell, Therese
10	Tamanini, Greg
11	Whysel, Noreen

Other attendees

Goals

Check-in on work progress
Review draft outline and assign writing tasks

Discussion items

Time	Item	Who	Notes
	Call to Order If quorum: Approve agenda Approve minutes	John Wunderlich	Meeting called to order at 13:03 Eastern The meeting has got quorum Approved agenda - approved Approved minutes from 2022-01-05 Meeting notes - approved
10 min.	Actions or issues from prior meetings	John Wunderlich	See tasks on Meeting Page Reviewed completed tasks
40 min.	Report content discussion & review	All	discussion about the use cases scope of the use cases - focus on the interactions of the Primary Actor in their journey to fulfil the business requirement Peter: the actual business requirement (of the venue) for Communicate a Credential Presentation is actually "Obtain proof of age to fulfill regulatory obligations" Tom: There are actually a set of Purposes that are the focal point for the Business Requirement Andrew: we should look at each actor in the role of Primary Actor - because each Actor could have different desired actions - that might not appear if looking at steps from certain other actors' point of view Christopher: Holders will never read these specifications - only developers/providers/organization - because they must implement something PEMC shall use this convention: Use Cases describe the steps taken by Actors. Actors can only be Humans. e.g. the Reader software designer must fulfil requirements of their Primary Actor - the operator of the Reader software. The operator of Reader software has business (and technical) requirements that are determined by that operator's Stakeholders e.g. regulatory, statutory, business customs, usability obligations and stakeholders (reminder: an Actor is a special type of Stakeholder that interacts with the System). Note: the stakeholder interests and operator's requirements must be run through the "privacy enhancing" lens - and maybe this influences the privacy defaults Christopher: there is no guidance within 18013-5 to Reader developers about what to do if the Presentation does not return a specific piece of information e.g. date of birth AND Age_over_nn. There are 18013-5 requirements for what the Holder's application must do. ie the Holder's application behaves in Privacy Enhancing ways - but nothing for Reader developers on how to develop Reader software in a Privacy Enhancing way. Same concerns apply to the developer of Issuer software - guidance about how to build the system in a Privacy Enhancing way. Tom: note that concrete use cases are more like the 'harmonization of the rules' material from Tom John: task assignments for the initial drafts for Abstract Use cases Loffie to create an initial draft for Issuance Gail: PEMC needs to ensure alignment with AAMVA implementation guidance & Future Identity Council guidance Christopher: raises concerns about scope of user stories - ensure that PEMC remains focused on digital/mobile credentials - stay away from the other topics that are not related Try to include 'open issues' section in user stories
5 min.	Adjourn		Meeting Adjourned at 14:00 Eastern

Next meeting

19 Jan 2022

Action items

Loffie Jordaan (Unlicensed) to create an initial draft for the Issuance use case
Gail Hodges to present to the PEMC meeting overview and some specifics from the FIC guidance material
Loffie Jordaan (Unlicensed) to present to the PEMC meeting overview of the AAMVA implementation guidance material