2018-06-21 Meeting notes (CR)

4 mins

• Roll call

• Agenda bashing

@Former user (Deleted)

5 min

• Organization updates

All

Please review these blogs offline for current status on Kantara and all the DG/WG:

• Director's Corner: 2018: May

• Working + Discussion Group Activity

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)

• Are there specific cross-group items you'd like to propose to work on?

40 min

Interoperable Consent Receipt demo at MyData Conference

Andrew

• John walked through the draft scenario

• Mircea: why would the receiving org need to generate a new CR?

  • A: Depends on the interpretation of Article 20 implementation

• Jim: digi.me's consent feature requires that the data processor notifies the user on downstream sharing

• Karik: Trunomi allows counterparties to be defined and data sharing rules defined up front. PSD2 scenarios - has 2 consents that are tracked - 3rd party doing payments on behalf and the financial institution

• ACH: Would it make sense to just do the simplest thing: one data controller mints a CR and a different org displays it.

• Richard: important to do display and that the back end system is following the CR instructions

• Jim: digi.me has started work to 'export' a CR artifact. The user might be notified of sharing event.

• John: starting to think that we should disconnect the demo scenario from any specific regulatory requirement - this should stay a technical demo

• Robert: agrees - show what you received is what was sent - and show multiple receipts that display in the same way

• ACH: related that people in unconference sessions are capable of imagining potential uses of CRs - we need to show the simplest functions

• Kartik: conceptually makes sense - questions on the details about how multiple platforms will play

• Mircea - need to decide on which systems take on what roles in the demo - which ones create CR, which ones consume & display

• Richard: in principle it is OK - what does it actually look like to a User - the UX and concept of a CR moving from one place to another - there is no metaphor for this yet

• Oscar: does not have viewer yet - so this would help to have some else's viewer to use

• Mark: is the CR moved directly by the back end or are the actions done by the User.

• ACH: has lined up a mobile operator as a issuer of CRs - but they have no viewer - they need the user to use someone else's viewer

• ACH: need to do a storyboard

• Robert: the metaphor should probably be the same as physical receipt management - one place to view them

• ACTION: Richard to sketch a story board for this

• ACTION: Kartik to ask questions around how consent management platforms - send to email - includes sequence diagram

• Mircea - is each consent receipt unique? and should it stay at the originator org? then the only thing transfered would be the CR id?

• ACTION: Jim - to list some of the high level activities that digi.me is undertaking

• Mark: OpenConsent is planning to have a Viewer by August

• Possible distinction: A Viewer - look at CRs one at a time. Dashboard - look at multiple CRs and act on them.

AOB

Next meeting

2018-06-28 same time, same number