2018-08-09 Meeting notes (CR)
Date
2018-08-09
Status of Minutes
Approved
Approved at: 2019-12-12 Meeting notes (CR) DRAFT
Attendees
Voting
- Andrew Hughes
- Mark Lizar
- Oscar Santolalla
- Jim Pasquale
Non-Voting
- Sylvester
- Colin Wallis
- Sal D'Agostino
Regrets
Quorum Status
Meeting was <<>> quorate
Voting participants
Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12
Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer
Discussion Items
Time | Item | Who | Notes |
---|---|---|---|
4 mins |
|
| |
5 min |
| All | Please review these blogs offline for current status on Kantara and all the DG/WG:
There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation. Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)
|
40 min | Interoperable Consent Receipt demo at MyData Conference | All | 1) Dev team status Google drive folder for export/import of consent receipts
|
2) Sequence diagram and roles status
| |||
3) Storyboard status | |||
4) Stage narrative status
| |||
5) Team Issues and showstoppers discussion OpenConsent raised an issue: The result is that there is no PII. Controller name in a receipt produced spec an viewed in the viewer. From OC -viewer conformance input - The spec does not clearly differentiate between child objects (or values) and their parents. Thus the spec defines piiController as an array. What it then does is list a number of other fields WITHOUT indicating that they are a grouped object that is what is in the array. Solution piiController should not be a string, neither should service or purpose - these fields should also be reviewed to be an object .. Might also have a name field (or description field in the object that is a string.
| |||
AOB |
| ||
Next meeting | 2018-08-16 same time, same number GOAL IS TO HAVE ALL DEMO PARTICIPANTS JOIN THE CALL TO WORK OUT ANY MAJOR ISSUES |
From 2018-08-02 call:
- digi.me
- Consentua
- Still on track - deciding on timing of code change deployment on Monday - some front end work to go after that
- Ubisecure
- Still on track
- OpenConsent
- Viewer exists, able to read consent receipts, working on the UI
- Can consume api.consentreceipt.org and v1.1 CR
- Trunomi
- Still on track - JSON examples early next week
- clym
From 2018-07-26 call:
- digi.me
- n/a
- Consentua
- Developers have promised CR output Week of August 6-10 - we will be looking for the output in the shared google folder
- Ubisecure
- n/a
- OpenConsent
- Viewer has been started - looking to get receipts from others
- Target is August 15 to be able to display CRs
- Open call to suggest features for OC to include - provide them this week if possible
- Trunomi
- currently in their 2-week dev sprint - target completion week of August 6-10
- clym
- n/a
- Telus
- Resource and scheduling estimates for creating an external CR for an existing app
AOB
- Q: in the spec, Services is described as a 'business service'. But these days, companies are describing this as a 'category of business purposes'.
- A: 'Service' is the name and description of the service - an unspecified field - mainly for humans
- A: 'Purpose category' is to describe the business service purposes
- A: If there is a Service with the same Purposes and the same Data as anonther Service, then they are indistinguishable.
- Q: How are we envisioning asking the 'do you consent to this' question?
- A: The Notice part of the flows have not been worked out yet in this group, deliberately.
- Q: Have we decided on what format/location/interface will be recommended for the 'exported' CRs?
- A: Right now, it's files in the Downloads folder (or a user-selected folder) - the 'real' discussion about this will be deferred until after the demo in August.
- Q: How does COEL spec relate to the IETF secevent RFC?
- https://datatracker.ietf.org/wg/secevent/about/
- https://coelition.org/business/resources/visualising-life/
- https://ore.exeter.ac.uk/repository/handle/10871/28297
- secevent 'Event Token' jwt formats should be investigated
- mydata session - Joss
- OneTrust, Nixu, JLINC, Kantara
- Andrew asked for 20 minutes for the demo
- Joss suggests that the Kantara demo goes last then transitions to Q&A for all
- Q: Are there special provisions needed on the mydata web site to help people interact with the demo?
- Need to focus the mydata demo presentation to trigger 'delivery' and action instead of 'interest'
From 2018-07-19 call:
- digi.me
- new internal release v2.2 is available this week
- some enhancements to Consent Access functions - some export functions
- created field mapping versus specification - spreadsheet has been available for a few weeks
- has new spreadsheet with updated JSON file info - has sent to David and Andrew for pre-review
- digi.me has drafted a 'vendor extension' - proposal for new objects to be added to the spec
- digi.me is done
- Consentua
- Service is ready to go - just need to create a format for the CR spec - a configuration change, not a code change
- work planned to start next week - planning session - will have more status on Monday
- Ubisecure
- Minimal prototype - no CR in product
- They will use the CR generator to create a sample app - a bookshop
- CR will be downloadable
- OpenConsent
- underway to create a Viewer plus Viewer API
- scheduling estimates underway - target is to demo this at the interop demo
- Trunomi (via Andrew)
- currently in their 2-week dev sprint - will have code after next week
- Telus
- Resource and scheduling estimates for creating an external CR for an existing app