[WG-InfoSharing] CR - Implementors Feedback

David Turner david.turner at voltagegate.com
Fri Nov 18 14:53:44 CST 2016

Hello all,

I have attached the schema that Samuli modified to add proper validation.
(thanks Samuli). I also changed "jti" to "consentReceiptID" because "jti"
is a reserved name in JWT, and I added dataRention (see below).

>>> Mark Added - "Public Key should be in Data Controller section"
[dt] I don't agree. Each receipt will have just one key. If there are more
complex scenarios requiring multiple keys from different authorities then
we can deal with that in a future version, or we can assume it will be an
implementation-specific detail.

>>> Mark Added "Add Data Retention Field as suggested in v.0.9.3”
[dt] I added this to the attached schema as a "string", like
purposeTermination. Mark, please provide text for the field description.


On Wed, Nov 16, 2016 at 4:15 PM, Mark <mark at smartspecies.com> wrote:

> Hi Everyone,
> We have had a lot of last minute feedback from people leading consent
> receipt implementations.  As it happens, this feedback is just in time, as
> we have the opportunity to go through it tomorrow on the call.
> So to begin with I want to thank the implementors for your feedback, as
> well as welcome these gentlemen to the work group.
>    - Simon Crossley - from My Life Digital - running a team looking to
>    launch next year
>    - Joss Langford - from Coel - OASIS - looking to integrate the consent
>    receipt into the Coelition ecosystem
>    - Samuli Tuoriniemi -  from My Data and the University of Oulu
>    integrating consent into My Data Operator
> I hope the three of you can make the call tomorrow to discuss the
> outstanding items.  (The call is at 3:30pm UK time
> <https://global.gotomeeting.com/join/983443893> - )
> Thanks for the feedback and sharing about implementation.
> Kind Regards,
> Mark
> *For Next Meeting Nov 16*
> David has complied a list of the feedback; which we are close to
> addressing.
> *From David; —>  The biggest issues *are *based on implementers'
> feedback. Here's my recommendation as the editor (as opposed to an
> implementer)."
> v1
>    - Conformance is missing ; Major schema change to add validation.
>    (Samuli can explain)
>    - ‘PII Principle ID” is used without reference or definition. I assume
>    that this is the data subject (which seems like a more intuitive name). PII
>    Principle. i.e., the individual's name is missing.
>    - I think you’ll need an array of strings to name multiple third
>    parties.
>    - We need an array for multiple controllers in json – this is
>    suggested in the spec but no array is available.
>    - Mark Added - "Public Key should be in Data Controller section"
>    - Mark Added "Add Data Retention Field as suggested in v.0.9.3”
> v1.x
>    - Need an explanation of the relationship between the elements.
>    - publicKey: currently string, should this be JWK object?
>    - collectionMethod: table says type is object, schema
>    says type is string, I guess string is correct
>    - Consent type - requests for both content and JSON structure
>    - Purpose termination / data retention
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161118/23eb2a76/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CR Schema v1_0_0 DRAFT 2.json
Type: application/json
Size: 2531 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161118/23eb2a76/attachment.json>

More information about the WG-InfoSharing mailing list