Date

Sep 07, 2015

Attendees

In v0.7 fields that need to be reviewed for insertion into core the specification for version 0.8:

Review Purpose Specification: field structure and extension of purpose specification attributes. Service, Purpose (from List in Appendix A). Should data retention be mandatory in MVCR?
Review consent context – Adding method of collection, location, placement, type of option, clarity of purpose, (i.e. a button on a website, a radial) – This context information is relevant to regulations in some jurisdictions that stipulate required fields, and conditions which are required for consent to be fair and reasonable.
Review mandatory link to short privacy notice – Is the consent receipt a new first layer for privacy meta-notice, the first layer in layered privacy notices? Should this be required or optional in the MVCR? What are the legal considerations?
Review consent transaction data – How does this differ from the consent payload?
Review consent payload – what is a total list of data that can, should and must be captured? [This appears to be out of scope of the MVCR and requires a use case]
Review Resource/Authorization Server (UMA)
Review Adding OAuth Scopes
Review and what is —> Audience URI
Review Resource/Authorization Server
- Discuss Scheduling items for SPEC review in CISWG call for this quarter and to start using join.me to edit the spec or address issues on the call

Schedule	Review on List	Review on Call	Issue Priority
Monday 14 Sept	Purpose Specification	Specification Abstract & Introduction	To be reviewed once issues are posted and added to GitHub in Calls
Monday 21 Sept	Consent Context	Next Section
Monday 28 Sept	Design Principles	Next Section

- ISO Comment Submission - We miss this and John indicates their will be more rounds for comment
  - ACTION Mark to pass his comments to ISO
Discussing Purpose Specification and duration should be seperate from purpose.
- there are multiple duration for data retention for different purposes
- this may be need to be another section in the receipt post MVCR that list retention period separately.. So this tabled and is out of purpose specification.
The contents of a retention period section woudl be key valued pairs - values would be assigned by regulation or policy.
- the longest period would be rolled up and this would be the retention period that is presented
Context & Collection Method Field needs definition and better label (remove context)
VRM DAY - we discussed creating a demo of our work and presenting this at IIW on Oct 26
- Action: Mark to start a scope of work for the demoAction Items