/
2018-06-28 Meeting notes (CR)

2018-06-28 Meeting notes (CR)

Dec 12, 2019

Date

2018-06-21

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

Non-Voting

  • Sylvester Mbagwu

  • Sal D'Agostino

Regrets

  • Richard Gomer

  • Kartik Venkatesh

Quorum Status


Meeting was <<<>>> quorate

 

Voting participants

 

Participant Roster (2016) - Quorum is 5 of 8 as of 2018-02-22

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla

Discussion Items

Time

Item

Who

Notes

4 mins

  • Roll call

  • Agenda bashing

@Former user (Deleted)

 

5 min

  • Organization updates

All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)

  • Are there specific cross-group items you'd like to propose to work on?

40 min

Interoperable Consent Receipt demo at MyData Conference

Andrew

  • Discussed Kartik's v1 of the sequence diagram

  • Park: the discussion about 'viewer/reader/dashboard' and the differences in functionality that those terms encompass

  • Has anyone played with the 'sand' demo app? URLs to follow by email

  • First part of the demo:

    • Data Subject interacts with Organization A and as a result, a consent receipt is created and shown to the Data Subject. The consent receipt is stored in a place that is known to the Data Subject.

  • Second part of the demo:

    • Data Subject starts their preferred app which they normally use to view and manage their consent receipts and sees a list of consent receipts that are in the place referenced from the first part of the demo. Data Subject clicks the new consent receipt and the contents are displayed.

  • ACTION: Mark/Sylvester to write functional descriptions of the 'viewer/reader/dashboard' concepts

 

AOB

 

 

 

Next meeting

 

2018-07-05 same time, same number

 

From 2018-06-28 call:

  • John walked through the draft scenario

  • Mircea: why would the receiving org need to generate a new CR?

    • A: Depends on the interpretation of Article 20 implementation

  • Jim: digi.me's consent feature requires that the data processor notifies the user on downstream sharing

  • Karik: Trunomi allows counterparties to be defined and data sharing rules defined up front. PSD2 scenarios - has 2 consents that are tracked - 3rd party doing payments on behalf and the financial institution

  • ACH: Would it make sense to just do the simplest thing: one data controller mints a CR and a different org displays it.

  • Richard: important to do display and that the back end system is following the CR instructions

  • Jim: digi.me has started work to 'export' a CR artifact. The user might be notified of sharing event.

  • John: starting to think that we should disconnect the demo scenario from any specific regulatory requirement - this should stay a technical demo

  • Robert: agrees - show what you received is what was sent - and show multiple receipts that display in the same way

  • ACH: related that people in unconference sessions are capable of imagining potential uses of CRs - we need to show the simplest functions

  • Kartik: conceptually makes sense - questions on the details about how multiple platforms will play

  • Mircea - need to decide on which systems take on what roles in the demo - which ones create CR, which ones consume & display

  • Richard: in principle it is OK - what does it actually look like to a User - the UX and concept of a CR moving from one place to another - there is no metaphor for this yet

  • Oscar: does not have viewer yet - so this would help to have some else's viewer to use

  • Mark: is the CR moved directly by the back end or are the actions done by the User.

  • ACH: has lined up a mobile operator as a issuer of CRs - but they have no viewer - they need the user to use someone else's viewer

  • ACH: need to do a storyboard

  • Robert: the metaphor should probably be the same as physical receipt management - one place to view them

  • ACTION: Richard to sketch a story board for this

  • ACTION: Kartik to ask questions around how consent management platforms - send to email - includes sequence diagram

  • Mircea - is each consent receipt unique? and should it stay at the originator org? then the only thing transfered would be the CR id?

  • ACTION: Jim - to list some of the high level activities that digi.me is undertaking

  • Mark: OpenConsent is planning to have a Viewer by August

  • Possible distinction: A Viewer - look at CRs one at a time. Dashboard - look at multiple CRs and act on them.

From 2018-06-14 call:

  • Jim: any project wanting to participate in the MyData consent receipt interop demo - we need you do do a mapping against the CR fields - there is a spreadsheet!

  • Need to ensure that the Use Case spotlights the user-centric approach. A motivator to show vendor-vendor interop is to demonstrate industry resilience.

  • Since the CR will contain personal data (and probably sensitive data) we must avoid giving the impression that we are unware of risks and anti-patterns.

  • There are 10 weeks remaining until presentation day!

  • Next week's call:

    • Confirm the high-level scenario for the demo

      • Should this be limited to exchange of CRs? or showing data transfer that involves CRs

    • Discuss and finalize a sequence/interaction diagram

      • Confirm the CR-related roles required for the demo (Display-ers/dashboards, the Person, CR Issuers)

    • Richard Gomer is committed to the project (per Chris ) - will have input into the UX issues

      • The Consentua WebSDK demonstrator has embodied some of these concepts

    • Pre-work assignments (due for distribution to the WG by Tuesday):

      • John - will develop a draft sequence diagram