/
2018-12-20 Meeting notes (CR)

2018-12-20 Meeting notes (CR)

Dec 12, 2019

Date

2018-12-20

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

 

Non-Voting

  • Robert Mitwicki

  • David Turner

  • Jan Lindquist

  • Colin Wallis

Regrets

 

Quorum Status


Meeting was <<<>>> quorate

 

Voting participants

 

Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin

Discussion Items

Time

Item

Who

Notes

Time

Item

Who

Notes

4 mins

  • Roll call

  • Agenda bashing

@Former user (Deleted)

  • Discuss approach to specification updates

 

 

5 min

  • Organization updates

All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February

  • EIC, Munich, May

  • Identiverse, Washington, June

10 min

Product roadmap for the demo

All

  • Target is EIC May 2019

  • Decisions needed:

  • The specific set of user stories we want to showcase

30 min

Specification update approach

All

  • Discovery approach leading to backlog leading to prioritization?

  • How do we decide what changes we must do in this round versus deferrable changes?

  • Support for implementation functions

    • x

  • Structural changes for ease of receipt processing

    • Note that because the v.next receipt specification is net new - so 'breaking changes' probably means that v.next is not backwards-compatible with v1.1

    • x

  • Direct support for interoperable exchange of receipt data

    • Data integrity features, etc

    • Note: this category shares many topics and issues with the Schemas/Overlays work

    • x

  • Recommendations and guidance for specific fields/values

    • x

  • Document family structure for extensions

    • x

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

 

AOB

 

Paul - next SSI task is to build a 'consent schema' - 20 attributes so far - will circulate for review

  • Issues about Purpose for data processing are not included at this time - the schema is more about the mechanical aspects of description of the data e.g. aspects of revocation

Mark - liaison work

  • Lots of progress at W3C on vocabulary - GDPR-specific profile/extensions

  • EU government group working on Taxonomy for people and businesses

  • NIST "xpress rules", Healthcare IT, FHIR

  • Should establish a bi-monthly or quarterly liaison information sharing call in 2019

 

 

Next meeting

 

*** Next call 2019-01-10 10:30 am Eastern Standard Time / 15:30 GMT

NO CALLS December 27 or January 3

 

 

 

From earlier calls:

  • Andrew has set up a github repo for next-version specification backlog items, including use cases: 
    https://github.com/KantaraInitiative/consent-receipt-v-next

  • Some possible items for next versions:

    • Structural changes to the spec including a hierarchy of objects that should improve high transaction volume

    • Integration/association of the new Blinding Identity Taxonomy into the CR Spec family (to inform implementers of potential data categories of interest)

    • Recommendations for Customer Journey / UX / UI features

    • Library of industry-specific or case-specific Purpose categories and example Purpose statements

    • Expansion of Consent Types to allow for more than just Explicit Consent situations

    • (idea) Optional receipt metadata to assist privacy dashboards in organizing and processing 'bring forward' items (e.g. "remind me to check this share in 3 months")

    • digi.me product and management have identified six areas for development

      • consent over period of time (rather than instantaneous consent)

      • termination/modification of consent from either side

      • high transaction volume & low per-instance cost

      • how the 'receipt' fits into accounting systems infrastructures

      • receipt as the basis for legal matters and actions

      • UX/UI concerns

    • for Clinical Trials uses, data holder is required to keep data for 10 years - need to consider longevity of the receipts to go alongside data holdings