2018-12-20 Meeting notes (CR)

Date

2018-12-20

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting


Non-Voting

  • Robert Mitwicki
  • David Turner
  • Jan Lindquist
  • Colin Wallis

Regrets


Quorum Status


Meeting was <<<>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Discuss approach to specification updates



5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
10 minProduct roadmap for the demoAll
  • Target is EIC May 2019
  • Decisions needed:
  • The specific set of user stories we want to showcase
30 minSpecification update approachAll
  • Discovery approach leading to backlog leading to prioritization?
  • How do we decide what changes we must do in this round versus deferrable changes?
  • Support for implementation functions
    • x
  • Structural changes for ease of receipt processing
    • Note that because the v.next receipt specification is net new - so 'breaking changes' probably means that v.next is not backwards-compatible with v1.1
    • x
  • Direct support for interoperable exchange of receipt data
    • Data integrity features, etc
    • Note: this category shares many topics and issues with the Schemas/Overlays work
    • x
  • Recommendations and guidance for specific fields/values
    • x
  • Document family structure for extensions
    • x

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


AOB

Paul - next SSI task is to build a 'consent schema' - 20 attributes so far - will circulate for review

  • Issues about Purpose for data processing are not included at this time - the schema is more about the mechanical aspects of description of the data e.g. aspects of revocation

Mark - liaison work

  • Lots of progress at W3C on vocabulary - GDPR-specific profile/extensions
  • EU government group working on Taxonomy for people and businesses
  • NIST "xpress rules", Healthcare IT, FHIR
  • Should establish a bi-monthly or quarterly liaison information sharing call in 2019



Next meeting

*** Next call 2019-01-10 10:30 am Eastern Standard Time / 15:30 GMT

NO CALLS December 27 or January 3




From earlier calls:

  • Andrew has set up a github repo for next-version specification backlog items, including use cases: 
    https://github.com/KantaraInitiative/consent-receipt-v-next
  • Some possible items for next versions:
    • Structural changes to the spec including a hierarchy of objects that should improve high transaction volume
    • Integration/association of the new Blinding Identity Taxonomy into the CR Spec family (to inform implementers of potential data categories of interest)
    • Recommendations for Customer Journey / UX / UI features
    • Library of industry-specific or case-specific Purpose categories and example Purpose statements
    • Expansion of Consent Types to allow for more than just Explicit Consent situations
    • (idea) Optional receipt metadata to assist privacy dashboards in organizing and processing 'bring forward' items (e.g. "remind me to check this share in 3 months")
    • digi.me product and management have identified six areas for development
      • consent over period of time (rather than instantaneous consent)
      • termination/modification of consent from either side
      • high transaction volume & low per-instance cost
      • how the 'receipt' fits into accounting systems infrastructures
      • receipt as the basis for legal matters and actions
      • UX/UI concerns
    • for Clinical Trials uses, data holder is required to keep data for 10 years - need to consider longevity of the receipts to go alongside data holdings