Skip to end of metadata
Go to start of metadata

Date

2019-04-25

Status of Minutes

DRAFT

Approved at: <<Insert link to minutes showing approval>>

Attendees

Voting

  • Andrew Hughes
  • Lisa LaVasseur
  • Jim Pasquale
  • John Wunderlich
  • Mary Hodder

Non-Voting

  • Pierre Roberge
  • Colin Wallis
  • Chris Olsen
  • Tom Jones

Regrets

  • Oscar Santolalla


Quorum Status


Meeting was <<<not>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20

Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Status: Wiki refresh work
  • Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
  • Demo status update
  • Spec v2
  • DIACC Notice and Consent Overview comments
  • AOB


5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

  • IIW, Mountain View, California, April-May
  • EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
  • Identiverse, Washington, June
  • USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
  • MyData, Helsinki, September
  • Discussion on what Privacy Engineering is (it's specific direction on how to implement rather than policy statements)

15 minv2 specification timelineAndrew
  • There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
  • We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
15 minDemo status updateall
  • Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
  • digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
  • We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
  • Status updates from participants:
    • Andrew to connect Richard and Oscar to get working on the API
    • digi.me still making progress


15 minDIACC Notice and Consent docall

John W. is responsible for gathering and submitting comments from the WG. (2019-04-25)

  • Deadline is May 3 for comments

https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

deferProduct roadmap for the demoAll
  • Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:


Comments (2019-04-04)

  • (jim) digi.me green light
  • (sneha) green light

2019-03-28 call notes:

  • Ubisecure
    • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
    • Simple flows - a mechanism - for the end-user
    • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call


deferSpecification update approach

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


2019-03-14 notes:

  • Mark:
    • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
    • building a proposal to split the notice from the 'consent' in the structure
      • (note that this is similar to the digi.me proposal)
  • Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
5 minAOB
  • CIS WG marketing collateral - need it for EIC - Jim to resume progress
  • WG had a long discussion about what the receipt represents and roadmap and how they might be valued by the individual

Next meeting

*** Next call 2019-05-09 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725









2 Comments

  1. Andrew Hughes is there a link to the Digi.me proposal ? 

    • (note that this is similar to the digi.me proposal)
    1. Jim

      Mark,

      Here is what digi.me is doing no longer proposing, 

      With a digi.me library created with a consent receipt already matching whichever one is decided on to be used as the demo.

      There will be a website available able to browse for a json file that is on the device and pushed that into the digi.me library.

      You’ll be able to open digi.me and navigate to the consent receipt and pretend it’s been imported and mapped. The real json will be in the library too and viewable as json.

      The video on how to export a digi.me CC (consent certificate) is also available as a separately included demo.


      Mark, Please note much of the demo could be run from an out of band test network, however, the engineering group is testing so much lately they/we are concerned some other internal testing might bring down the test network as the demos are being shown. 


      /jim