2019-04-11 Meeting notes (CR)

Date

2019-04-11

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

  • Jim Pasquale
  • Andrew Hughes
  • Lisa LeVasseur
  • Mark Lizar
  • Oscar Santolalla
  • Richard Gomer
  • John Wunderlich

Non-Voting

  •  Chris Olsen
  • Jan Lindquist
  • Colin Wallis
  • Pierre Roberge
  • Sneha Ved
  • Tom Jones

Regrets


Quorum Status


Meeting was <<<not>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20

Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Deferred: Status: Wiki refresh work
  • Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
  • Updates from ISO SC 27/ WG 5 meetings in Tel Aviv
    • Consent receipt annex to 29184
    • New 6 month Study Period on consent record and receipt
  • Spec v2 timeline
  • Demo status update
  • DIACC Notice and Consent Overview comments
  • AOB


5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

HIGHLIGHTS FROM DIRECTORS CORNER MARCH 2019:

  • Kantara's Trust Framework Operations and Assurance program continues to strengthen with major players signalling their intention to seek 3rd party assessment and approval of their solutions to Kantara's 'NIST 800-63-3 Class of Approval'. To that end it was great to see the Board approve Swedish company Seadot as an accredited assessor. 
  • The last week of the month featured the KNOW Identity conference in Las Vegas, with many Kantarians in attendance, at the podium presenting, on the stage on panels, as well as receiving awards. It was a great event with Kantara helping out or liaison partners ID Pro on the educational session 'Privacy essentials for ID Professionals' and members featuring other members or Kantara reps on their panels.   
  • the UMA working group was presenting to the OAuth working group at the IETF 104 meeting in Prague to support its contribution of the UMA 2.0 specifications for formal standardization
  • the ID Proofing and Verification Discussion Group is assembling a strong set of use cases into a report to ISO SC27 Working Group 5 later in March in time for the Study Period's findings in Tel Aviv in April

15 minUpdates from ISO SC 27 meetingsAndrew
  • A synopsis of the consent receipt concept has been added to the draft 29184 Online Notice and Consent standard
  • This is a major success - ISO standards are one of the pillars supporting international trade - they remove 'technical barriers to trade' via WTO conventions
  • The discussion piqued the interest of the ISO WG around the concept of 'consent record and receipt'
  • A new Study Period has started to investigate whether a new standard project should be started to create a Consent Record and Receipt standard (we say 'yes!')
  • Colin and Andrew are the rapporteurs (coordinators) of the study period
    • will collect requirements, environmental scan, draft some text
    • the hope is that at the end of the study period we will be able to propose the start of a new project, possibly starting with draft text
  • IEEE 7012 - 'terms agreements' are likely to mandate that these agreements are documented and available to both parties
  • Cross-membership between Kantara WGs and other consent, privacy and information sharing project in other organizations should be used to keep loose coordination and information flows
10 minv2 specification timelineAndrew
  • There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
  • We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
5 minDemo status updateallSlow progress
15 minDIACC Notice and Consent docall

** Need a person to be responsible for this activity **

  • Deadline is May 3 for comments
deferProduct roadmap for the demoAll
  • Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:


Comments (2019-04-04)

  • (jim) digi.me green light
  • (sneha) green light

2019-03-28 call notes:

  • Ubisecure
    • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
    • Simple flows - a mechanism - for the end-user
    • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call


deferSpecification update approach

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


2019-03-14 notes:

  • Mark:
    • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
    • building a proposal to split the notice from the 'consent' in the structure
      • (note that this is similar to the digi.me proposal)
  • Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
5 minAOB
  • H2020 TRUESSEC.eu project (draft document is from June 2018)

Next meeting

*** Next call 2019-04-18 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725