Page tree
Skip to end of metadata
Go to start of metadata




  • Use case selection - 

Discussion items


use-cases kick-off with presentation (use-cases-20200401.pdf)

Vitor Jesus
  • 5 use-case scenarios presented: healthcare, information services, IoT, Smart Cities, Managed Consent
  • James Hazard: I'm thinking of an element in GA4GH consents that asks if the data user can recontact the data subject for further permission

  • James Hazard: does Notice, Notification, Consent include also a cycle of renotification and reconsent?  E.g., you permitted us to ask you for further permission.  And notices includes notices of results, or breach, etc.??
  • Xiaohu: notices have different classifications; terminology (as usual) needs to be clarified
  • James Hazard: I've been collecting data use frameworks.  Suggestions appreciated:; this is a low-tech, but high legal power initiative on clearing IP problems in covid

  • James Hazard: the lawyer comes in when something goes wrong – it needs traceability and auditability

presentation of a pharma scenarioPaul Knowles
  • Paul K - presented a Mickey Mouse Model (VJ–AdvCIS_use_case_pk.pdf), a model for a safe and secure data sharing economy.
  • Participants agreed on that this use-case is very representative and powerful and have shows keen interest in adopting it for the group.
  • Tom J: Within us healthcare federation, Kantara is proposing that the user should know that the party is a "Covered Entity", that there are a set of rules that the receiver has agreed to follow before the user is able to give consent. Exports of data beyond covered entities is a more deliberate process that the user must follow. I would hope that you insist on some multilateral federation of federations that can result in user knowledge of the continued protection of the user data. → VJ: healthcare may need to prove who they are à kind of a federation


Potential requirements identified for a receipt:

  • receipts need a strong identifier that may need to outlive the local transaction, i.e., it may need to set a context that is later invoked such as when re-consent is required or the user needs to be notified about a past consent action. in other words, it may need a consent lifecycle identifier that persists over time until revoked
  • receipts should hold information about all the context necessary to later invoke it
  • receipts may need to have the identity of the parties and that identity may need to be verified
  • receipts need to be a tool in themselves to support traceability and auditability
  • if a receipt has a notion of session/lifecycle, it may enable scheduled/batched consent where the user may not need to provide consent at the precise time but it comes from a past "batch" action (say, user agrees with a set of preferences that are reused over time)

Action items

  • No labels

1 Comment

  1. Wonderful to see all the participants on this call. Please bear this mind as I've not seen it as part of meeting minutes:

    Copied from the main meeting minutes:

    3/26 All and any ISI meetings are now required to read this statement before any business is conducted regardless if the meeting is Quorum or not.

    Thank you for joining the call today. 
    This Work Group operates under the Non-Assertion Covenant IPR option found as an appendix to IPR Policies V2.0 that Kantara operates.
    The Group Participation Agreement memorializes your acknowledgment of the terms under which you participate in this Work Group. Every person who has acknowledged the GPA is listed in the Participant Roster, as a voting or non-voting participant.
    However, there are circumstances, such as in-person workshops or calls where non-participant guests may be present who have not acknowledged the GPA for this Work Group.

    Every person on this call is strongly encouraged to acknowledge the GPA for this Work Group prior to any form of participation.
    If you have not, or do not wish to, please Note Well the following before you participate in any form.

    1) in accordance with the Kantara Initiative IPR Policies V2.0, all contributions by voice are valid contributions alongside the much more preferred written contributions and while you still retain your IP, you grant Kantara copyright equivalent to the terms of the Non-Assertion Covenant without further condition or reservation.

    2) it is your own IP and not another party's IP

    3) such contributions are not confidential or otherwise subject to the limitation in its distribution, including pricing or other competitively sensitive information.

    Again, if you are uncertain about any matters, please remain silent and do not contribute anything in writing.