Meeting 2020-05-20 AdvCIS

Date

2020-05-06

IPR

Thank you for joining the call today. 

This Work Group operates under the Non-Assertion Covenant IPR option found as an appendix to IPR Policies V2.0 that Kantara operates.The Group Participation Agreement memorializes your acknowledgment of the terms under which you participate in this Work Group. Every person who has acknowledged the GPA is listed in the Participant Roster, as a voting or non-voting participant.However, there are circumstances, such as in-person workshops or calls where non-participant guests may be present who have not acknowledged the GPA for this Work Group.

Every person on this call is strongly encouraged to acknowledge the GPA for this Work Group prior to any form of participation.
If you have not, or do not wish to, please Note Well the following before you participate in any form.

  1. In accordance with the Kantara Initiative IPR Policies V2.0, all contributions by voice are valid contributions alongside the much more preferred written contributions and while you still retain your IP, you grant Kantara copyright equivalent to the terms of the Non-Assertion Covenant without further condition or reservation.
  2. It is your own IP and not another party's IP
  3. Such contributions are not confidential or otherwise subject to the limitation in its distribution, including pricing or other competitively sensitive information.

Again, if you are uncertain about any matters, please remain silent and do not contribute anything in writing.

Attendees

Topics (revisit)

  • New Items to discuss? 
    • Blinding ID work update
      • Blinding Identity 
        • Identity
        • identifier
  • Specification Fields (maybe on Github - if we have access) 
    • quasi identifiers 
    • attributes 
    • data types 
    • Blinding Identity 
      • Identity
      • identifier
    • Notice Schema: (outline for ease of work) 
      • Purpose Category
        • Purpose of Use
          • Personal Data Categories 
            • Data Types ( conformance at industry code of conduct - specified in by ecosystem - e.g. pharma - medical research ) Also covered in IRM - Identity Relationship Management
              • Identifiers
                • Blinding Identity - General Masking Overlay - 
              • attributes 
                • Event of the interaction. 
      • Refer to COEL - Data Types 
      • DUO -Data Types -  https://github.com/EBISPOT/DUO
  • Notification Types - ISO 29184 provide a number of inputs for the work here.

Converstation on GDPR consent - cut off, discussing how human consent types map to different legal justifications, and how the GDPR defines general consent as a state of consent which is notified legally and defined by law, Debate - between Mark and Harsh - about the laws themselves providing the auhtoritative (legal) standard or Notice Infrastructure  for General Consent State as defined in GDPR, in which the legal justifications  operate, including contract an consent.  - interesting debate to close call - Former user (Deleted) Mark Lizar (Unlicensed) can research and report at a following meting - Or maybe discuss on Sunday on PrivMas Eve?  


Decisions

  • Discussion of Attribute terminology - and its scope of applicability to this specification - and that this is not directly in scope,  e.g. Blinding Identity, but that Blinding identity attributes be defined and references in a security consideration in this specification for attrbutes/datatypes -
    • and,  this spec should accommodate and interoperate with the scopes of attribute based governance and contract agreement frameworks for interoperability - and discoverability 
  • 29184 (the sister spec to the CR V1.1) Inputs accepted for drafting of the notice components of the Notice &. Consent (if required) Specification. 
    • For the Notice Lifecylcle framework Component of the Notice & Consent (if required) specification. 

Action items

  • interesting debate notes above  - Former user (Deleted) Mark Lizar (Unlicensed) can research and report at a following meting - Or maybe discuss on Sunday on PrivMas Eve?  
  • Summer Project -  DUO _ To DPV
    • Mark Lizar (Unlicensed) and Former user (Deleted)
      • Anadi has been tasked with mapping Unified to  DUO
      • This is also a part of the summer project
      • Discussed breaking some  DUO  labels down for DPV as a starting point - 
      • DUO is centralised federated data access framework with data access administered by federated identity Silo 
        • in contrast DPV is a personal data control vocabulary framework  - for which the labels can then be apart of decentralised data access framework . 
      • (great to see this project naturally progressing)