ANCR WG 20210317

Date and Time

• Wednesday 10:30 EST

  • Screenshare and dial-in: 

  • United States: +1 (224) 501-3316, Access Code: 485-071-053 (confirm or change)

  • See ANCR calendar for additional details: https://kantara.atlassian.net/wiki/display/WA/Calendar

Agenda

• Roll

• IPR

• Minutes  Approval 

• Agenda Approval

• Intros

• Agenda Items Discussion

  • Actions pending

  • Actions new

• Updates from the consent community

• AOB

Roll call

@vitor jesus (Unlicensed)

@Mark Lizar (Unlicensed)

@Salvatore D'Agostino (Unlicensed)

Jan

Quorum reached 4 of 6.

Non-voting

@PeterD (Deactivated)

Participant Roster

IRP Policy Announcement

Approve minutes

• ANCR WG 20210303 

Vitor moved, no objection.

Intros

None

Community Input

None

Actions

1. Review of receipt fields. Everyone should review spreadsheet which is in the files folder 

   1. https://kantara.atlassian.net/wiki/display/WA/File+lists

   2. Editable spreadsheet for review: https://docs.google.com/spreadsheets/d/1rxF6yym3CGUgtt-AWbrShpazULkSGj9TH1hPxzaF9h8/edit?usp=sharing 

2. Narrative

   1. Mark's Update

      1. Contribution from last week sets baseline.

   2. Blog Post

      1. Initial brief post up

3. Delta 1.1. (Discussion on the Call) and work on the above field spreadsheet, as per below) 

   1. List of fields last week, are a very mature contribution

      1. GDPR Extension

         1. Published Notice Paper (Mark and Harsh)

      2. ISO related contributions

         1. Update with Data Privacy Vocabulary

      3. Pursuit of Legal 

   2. Combine this with 1.1.

   3. Any other contributions.

      1. Child as data subject bias because of requirements and high risk.

         1. Data subject is not capable of an assessment or authorization of data release,

         2. Example of delegation with the Principal (inactive -incapable)

         3. How to record vs. how to collect/enact (implicit consent by delegation).

      2. FHIR ontology into DPV, examples of delegate roles

      3. Delegation of Notice and Consent for Identity service vs. by the identity services

      4. Transborder flow specific fields (extended discussion)

         1. What an individual needs to do to cross any jurisdiction

         2. Not just nation state boundary

         3. Jusrisdictional relationships and nesting.

         4. Two fields for now as optional

         5. Example of expiration of privacy shield

      5. Drives simplified user experience and leaves behind an aritifact useful to both subject and controller.

      6. Privacy Nutrition at Apple vs. simply Nutrition Label → historically static, next gen is active ← back to the WG future...

      7. Attached to substrate of federation protocol

         1. DID is subject of relying party

         2. W3C uri schemes

         3. Side effect of UMA AS. (assumes presence of user in the flow, can perhaps address that in user not present use cases)

         4. Protocol binding as pointer, binds privacy controller to others

         5. Purpose driven, adds scope to receipt in binding, consent binding to authorization token.

            1. Resource

            2. Scope

            3. Audit

               1. Code of conduct

               2. Technical implementation

                  1. protocol

                  2. privacy considerations

                  3. security considerations

   4. Discussion of Consent ID

4. Open issues

5. Admin Workflow and Resources

6. Formalize work plan

   1. Expand group participation, open to all

   2. Presentations from abcd to 

7. ISO input

   1. Not discussed

8. Use Cases

   1. Airside (Peter)

   2. Immunity Passports

   3. PaECG

Small, bite size chunks of delta, start with structure of core receipt.

Header is the notice component w/controller identity

Legal justifiction then further field descrptions

Consent notice receipt is the base max schema, which sets consideration for 1.2

.....then extensible: receipt type, interest notice, contract notice....

(draft)

End of March informal freeze specification and fields, also determine areas for later work, not included in current specification publication.

Early-Mid April (draft for ISO consideration during next comment period)

End of April draft for circulation 

End of May consolidate comments

End of June publication

Need to coordinate (and determine) ISO 27560 comments and drafts schedule with that of the workgroup.

Determine any resources we need to support the workgroup and specification publication.

Discussion of election process, desire to have WG leadership roles apart from Chair, Vice-Chair, Secretary, Editor. Open to adding these as the opportunity arises.