2022-01-05 Meeting notes


APPROVED

Date

Attendees

See the Participant roster

Voting (4 of 7 required for quorum)

#ParticipantAttending
1Davis, Peterx
2Hodges, Gailx
3Hughes, Andrewx
4Jones, Thomasx
5Thoma, Andreasx
6Williams, Christopherx
7Wunderlich, Johnx

Non-Voting

#ParticipantAttending
1Aronson, Marcx
2Brudnicki, David
3Dutta, Tim
4Fleenor, Judith
5Gropper, Adrian
6Jordaan, Loffiex
7LeVasseur, Lisa
8Snell, Oliver
9Stowell, Therese
10Tamanini, Greg
11Whysel, Noreen

Other attendees

Goals

  • Check-in on work progress
  • Identity work needed to complete Implementers Draft for March delivery

Discussion items

TimeItemWhoNotes

Call to Order

If quorum:

  • Approve agenda
  • Approve minutes
10 min.Actions or issues from prior meetings

See tasks on Meeting Page

Reviewed completed tasks

40 min.Report content discussion & reviewAll
  • Reviewed DraftImplementorsReportOutline.pdf
  • John asked whether a 'single author' vs 'many authors' approach is preferred - 'single author' seems more likely
  • The idea is 5-ish pages for main body of the report, plus detailed material in annexes / user stories
  • The guidance is for data custodians about the things they should be doing in order for people to trust them to do the right things
    • Can be informed by NIST Privacy Engineering and various GDPR-related materials
  • John Wunderlich to Add the section headings into the Content pages in the wiki 
  • Use Word documents or markdown files and post them into the wiki
  • Note that this Implementors Report is intended to be deliverable of the WG - it defines the framework within which the detailed Recommendation documents will fit
  • Each of the Implementor's Guidance sub-clauses should have around 3 requirements to start
    • then additional Recommendation documents will contain additional detailed requirements
  • Note: Biometric pre-check use case is getting attention - we need to find a better name that avoids the brand name "Pre-check" to avoid confusion
    • Note: the use case is so that the person knows (in advance) what credentials they will need in order to get through the check point successfully. This is where the person shares their biometric data and additional attribute data (and is verified) before they show up at the check point.
    • This use case covers the 'automated boarding gate which uses biometric matching to authenticate the passenger at boarding time'
    • Note: there might be national security or legislation that overrides general personal information protections - we must focus on the everyday policy decisions, not the high security decisions
  • The purpose of the credential usage is the critical factor - clearly defined and well explained purpose text enables the rest of the requirements
  • Discussion about timing of requirements and the supporting assessment criteria
    • Because this is needed now - the WG should consider how the assessment criterial can be developed in parallel


5 min.Adjourn

Meeting Adjourned at 14:00

Next meeting

 


Action items

  • John Wunderlich to Add the section headings from the mind map into the Content pages in the wiki - due January 12 2022
  • All to start listing requirements from their perspective