Skip to end of metadata
Go to start of metadata

APPROVED

Date

Attendees

See the Participant roster

Voting

ParticipantAttending
Brudnicki, David
Davis, PeterRegrets
Hodges, GailY
Hughes, AndrewY
Jones, ThomasY
Williams, ChristopherY
Wunderlich, JohnY


Non-Voting

ParticipantAttending
Aronson, MarcY
Gropper, Adrian
Jordaan, LoffieY
LeVasseur, Lisa
Whysel, Noreen

Goals

  • Check-in on work progress
  • Review elections for next week

Discussion items

TimeItemWhoNotes

Call to Order

If quorum:

  • Meeting is quorate
  • Moved approval of 2021-11-10 and 2021-11-17
    • No objections
10 minutesActions or issues from prior meetings
  • See tasks on Meeting Page
  • John - added Front Matter to drop box
  • Andrew - started a Terms and definitions page
  • All to suggest additional sources of terms and definitions to look at
40 minutesReport content discussion & reviewAll
  • reviewed the terms and definitions pages
  • reviewed the front matter draft in Dropbox
  • reviewed the PEMC templates
  • Next step: brainstorm/come up with a TOC for the Implementer's Guidance document
    • Audience: Architects/designers, developers, organization policy setters, standards organizations
  • Scope of this WG concerns:
    • 18013-5 is transactional and implied consent - it is insufficient and that's why this WG exists
    • This provides no assurances to the individual that the entities/actors operating or providing the systems and the operating organizations should or can be trusted to provide privacy protective/respecting services.
    • The individual should be able to reasonably assume (especially if the organization is certified as conforming to the specifications) that the organizations are 'doing what they should be doing'.
    • Specify a set of principles for mobile credentials and associated data
    • Define expectations on the organizations and suppliers regarding their mobile credential-related products, mobile credential-related services and use of those products and services
  • Need to be cautious to avoid trying to cover all of data protection and information management
    • Organizations are expected to operate their own privacy program - this WG will give them material to address mobile credentials - this WG will not define their privacy program generally
  • Should document the foundation principles up front and put them in the Implementer's guidance so that readers of any of the documents starts from the same understanding
  • QQ: Is credentials/presentation aggregation in scope?
5 minutesNext meetingGail can talk about OIDF eKYC-IDA work and GAIN initiative

Adjourn

Moved: Loffie

Seconded: Gail

Meeting Adjourned.

Next meeting

 

Action items

  • Andrew Hughes to add ISO 29100 terms and ISO 27000 terms ISO 24760
  • John Wunderlich to update the user story template to match Tom's contribution
  •