2022-01-05 Meeting notes

APPROVED

Date

05 Jan 2022

Attendees

Voting (4 of 7 required for quorum)

#	Participant	Attending
1	Davis, Peter	x
2	Hodges, Gail	x
3	Hughes, Andrew	x
4	Jones, Thomas	x
5	Thoma, Andreas	x
6	Williams, Christopher	x
7	Wunderlich, John	x

Non-Voting

#	Participant	Attending
1	Aronson, Marc	x
2	Brudnicki, David
3	Dutta, Tim
4	Fleenor, Judith
5	Gropper, Adrian
6	Jordaan, Loffie	x
7	LeVasseur, Lisa
8	Snell, Oliver
9	Stowell, Therese
10	Tamanini, Greg
11	Whysel, Noreen

Other attendees

Goals

Check-in on work progress
Identity work needed to complete Implementers Draft for March delivery

Discussion items

Time	Item	Who	Notes
	Call to Order If quorum: Approve agenda Approve minutes	John Wunderlich	Meeting called to order at: 13:02 Meeting has quorum Approved agenda Approved 2021-12-15 Meeting notes
10 min.	Actions or issues from prior meetings	John Wunderlich	See tasks on Meeting Page Reviewed completed tasks
40 min.	Report content discussion & review	All	Reviewed DraftImplementorsReportOutline.pdf John asked whether a 'single author' vs 'many authors' approach is preferred - 'single author' seems more likely The idea is 5-ish pages for main body of the report, plus detailed material in annexes / user stories The guidance is for data custodians about the things they should be doing in order for people to trust them to do the right things Can be informed by NIST Privacy Engineering and various GDPR-related materials John Wunderlich to Add the section headings into the Content pages in the wiki Use Word documents or markdown files and post them into the wiki Note that this Implementors Report is intended to be deliverable of the WG - it defines the framework within which the detailed Recommendation documents will fit Each of the Implementor's Guidance sub-clauses should have around 3 requirements to start then additional Recommendation documents will contain additional detailed requirements Note: Biometric pre-check use case is getting attention - we need to find a better name that avoids the brand name "Pre-check" to avoid confusion Note: the use case is so that the person knows (in advance) what credentials they will need in order to get through the check point successfully. This is where the person shares their biometric data and additional attribute data (and is verified) before they show up at the check point. This use case covers the 'automated boarding gate which uses biometric matching to authenticate the passenger at boarding time' Note: there might be national security or legislation that overrides general personal information protections - we must focus on the everyday policy decisions, not the high security decisions The purpose of the credential usage is the critical factor - clearly defined and well explained purpose text enables the rest of the requirements Discussion about timing of requirements and the supporting assessment criteria Because this is needed now - the WG should consider how the assessment criterial can be developed in parallel
5 min.	Adjourn		Meeting Adjourned at 14:00

Next meeting

12 Jan 2022

Action items

John Wunderlich to Add the section headings from the mind map into the Content pages in the wiki - due January 12 2022
All to start listing requirements from their perspective