2015-06-30 Meeting Notes

Date

June 30th, 2015

Attendees

Goals

Kantara IPR Feedback, Review and Agreement
Principles Discussion

Discussion Items

Time	Item	Who	Notes
1 min	Kantara IPR	Sal	Kantara IPR http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara+Initiative+IPR+Policies+_V1.1_.pdf?version=1
4 mins	Roll Call	Sal	Roll, new intros, announcements
4 mins	Minutes/Notes Update	Sal	https://kantarainitiative.org/confluence/display/irm/Meeting+Notes?src=conte%0xtnavchildmode
5 mins	Virtual Plenary	Sal	Proposal: Virtual Plenary Events
35 mins	Principles	All	Return to Revocable...; Also covered Transferable;
3 mins	Other Admin	All	Other Administrative, Action Item Review (not covered above)
1 mins	AoB	All	AoB TBD...

Action Items

High-level Topics Covered

Role call
IRP Update
Virtual Plenary Events
Principles Discussion
- Revocable
- Transferable

Detailed Meeting Notes

Returning to revocable, sorry about not editing mutable comments out…

How do we relate the work in the different groups as a roadmap for use cases.

Really important to see what is going on in other groups.

Reviewed work to date,

How do you get notified, how does someone as for revoke, who can revoke,

Specific use case in health care, doctor and patient both have health care records, there are two relationships, one is to have patient centric records, doctor signs in and uses the shared/owned patient record, and then for forensic reasons doctors and patients have records, but this is likely “write only”, it is restricted,

Resource owner and contract, still have some confusion about where this takes us. It becomes hard to follow. A lot of words have been used in the identity space over a long time and we need to make sure that we don’t repeat that issue here. Different relationships to the same information.

Back to mutable, if something immutable, it cannot be revoked,

If something is revoked, it might be re-instated, so do we need to consider, suspended.

Be clear about what we mean because the term is not always very well understood,

If certain principles are in play then it might preclude others as in the case of mutable and revocable.

Can we be clear about the gap we are trying to fill, how do we cross the gap between where relationships are clear and where they are not (me and my health record vs. me and the IoT). In 25 words or less. Relationships with institutions that are clear vs. relationships with data brokers.

OK with this for now.

Moved on to Transferable

May be related to sub-attributes, so it has to be considered in context, so what about permission, is control also transferred. So in the case of temporary how complete is your ability to modify.

So maybe its only about temporary because if something is transferred you have created a new relationship,

Do we actually have a relationship lifecycle?

Redefine relationships

Could be referred to as delegation, it’s an all or nothing thing, delegation with constraint, (UMA..?)

Kim, transferrable, temporary or permanent that constraints can be applied.

Temporary transference or else? Delegated scope from a transfer (with return).

Doesn’t delete point, new actor, <- that’s a history.. vs. lifecycle and same dichotomy with other principles

Adrian points that you might have a relationship block chain.

Notion of prior, car fax

Design principles of transferable allows for one party to “hand its entire connection or some of its permissions to a relationship to another actor” forever or less time,

Negative case <- Ian

Temperature and Location, when the actor can’t but the cloud or portal solution and moves over to operational considerations. Can’t not do…

Put principles through, everyone with their own expertise and overlap with other Kantara WG – DG activity. Share the work.

LC resources for admin.