2015-06-30 Meeting Notes
Date
June 30th, 2015
Attendees
Goals
- Kantara IPR Feedback, Review and Agreement
- Principles Discussion
Discussion Items
Time | Item | Who | Notes |
---|---|---|---|
1 min | Kantara IPR | Sal | |
4 mins | Roll Call | Sal | |
4 mins | Minutes/Notes Update | Sal | |
5 mins | Virtual Plenary | Sal | |
35 mins | Principles | All | |
3 mins | Other Admin | All | |
1 min | AoB | All | |
Action Items
High-level Topics Covered
- Roll call
- IPR Update
- Virtual Plenary Events
- Principles Discussion
  - Revocable
  - Transferable
Detailed Meeting Notes
Returning to revocable, sorry about not editing mutable comments out…
How do we relate the work in the different groups as a roadmap for use cases.
Really important to see what is going on in other groups.
Reviewed work to date,
How do you get notified, how does someone ask for revoke, who can revoke,
Specific use case in health care, doctor and patient both have health care records, there are two relationships, one is to have patient centric records, doctor signs in and uses the shared/owned patient record, and then for forensic reasons doctors and patients have records, but this is likely “write only”, it is restricted,
Resource owner and contract, still have some confusion about where this takes us. It becomes hard to follow. A lot of words have been used in the identity space over a long time and we need to make sure that we don’t repeat that issue here. Different relationships to the same information.
Back to mutable, if something immutable, it cannot be revoked,
If something is revoked, it might be re-instated, so do we need to consider, suspended.
Be clear about what we mean because the term is not always very well understood,
If certain principles are in play then it might preclude others as in the case of mutable and revocable.
Can we be clear about the gap we are trying to fill, how do we cross the gap between where relationships are clear and where they are not (me and my health record vs. me and the IoT). In 25 words or less. Relationships with institutions that are clear vs. relationships with data brokers.
OK with this for now.
Moved on to Transferable
May be related to sub-attributes, so it has to be considered in context, so what about permission, is control also transferred. So in the case of temporary how complete is your ability to modify.
So maybe it's only about temporary because if something is transferred you have created a new relationship,
Do we actually have a relationship lifecycle?
Redefine relationships
Could be referred to as delegation, it’s an all or nothing thing, delegation with constraint, (UMA..?)
Kim, transferable, temporary or permanent that constraints can be applied.
Temporary transference or else? Delegated scope from a transfer (with return).
Doesn’t delete point, new actor, <- that’s a history.. vs. lifecycle and same dichotomy with other principles
Adrian points that you might have a relationship block chain.
Notion of prior, car fax
Design principles of transferable allows for one party to “hand its entire connection or some of its permissions to a relationship to another actor” forever or less time,
Negative case <- Ian
Temperature and Location, when the actor can’t but the cloud or portal solution and moves over to operational considerations. Can’t not do…
Put principles through, everyone with their own expertise and overlap with other Kantara WG – DG activity. Share the work.
LC resources for admin.