[WG-InfoSharing] CR - Implementors Feedback

Mark mark at smartspecies.com
Mon Nov 21 02:08:17 CST 2016


Thanks Samuli,


> On 20 Nov 2016, at 13:55, Samuli Tuoriniemi <Samuli.Tuoriniemi at oulu.fi> wrote:
> 
> Hi,
> 
> Attached fixed schema.
> List of changes:
> -Changed “address” type to “object”
> -Changed ”required” : ”jti” -> ”consentReceiptID”
> -Added: “minimum” :0 to “consentTimestamp
> -Moved “policyUrl” to correct place
> -Removed format keywords
> -Removed “retention”
> -Removed "additionalProperties": false
> 
> -Samuli
> 
> From: David Turner [mailto:david.turner at voltagegate.com <mailto:david.turner at voltagegate.com>]
> Sent: 18. marraskuuta 2016 23:15
> To: Mark
> Cc: wg-infosharing at kantarainitiative.org <mailto:wg-infosharing at kantarainitiative.org>; Joss Langford; Simon Crossley; Samuli Tuoriniemi
> Subject: Re: [WG-InfoSharing] CR - Implementors Feedback
> 
> Sigh, it must be Friday. Samuli let me know that I sent the wrong file. This is the correct one.
> 
> Sorry about that.
> 
> On Fri, Nov 18, 2016 at 12:53 PM, David Turner <david.turner at voltagegate.com <mailto:david.turner at voltagegate.com>> wrote:
> Hello all,
> 
> I have attached the schema that Samuli modified to add proper validation. (thanks Samuli). I also changed "jti" to "consentReceiptID" because "jti" is a reserved name in JWT, and I added dataRention (see below).
> 
> >>> Mark Added - "Public Key should be in Data Controller section"
> [dt] I don't agree. Each receipt will have just one key. If there are more complex scenarios requiring multiple keys from different authorities then we can deal with that in a future version, or we can assume it will be an implementation-specific detail.
> 
> >>> Mark Added "Add Data Retention Field as suggested in v.0.9.3”
> [dt] I added this to the attached schema as a "string", like purposeTermination. Mark, please provide text for the field description.
> 
> David
> 
> On Wed, Nov 16, 2016 at 4:15 PM, Mark <mark at smartspecies.com <mailto:mark at smartspecies.com>> wrote:
> Hi Everyone,
> 
> We have had a lot of last minute feedback from people leading consent receipt implementations.  As it happens, this feedback is just in time, as we have the opportunity to go through it tomorrow on the call.
> 
> So to begin with I want to thank the implementors for your feedback, as well as welcome these gentlemen to the work group.
> 
> Simon Crossley - from My Life Digital - running a team looking to launch next year
> Joss Langford - from Coel - OASIS - looking to integrate the consent receipt into the Coelition ecosystem
> Samuli Tuoriniemi -  from My Data and the University of Oulu integrating consent into My Data Operator
> I hope the three of you can make the call tomorrow to discuss the outstanding items.  (The call is at 3:30pm UK time <https://global.gotomeeting.com/join/983443893> - )
> 
> Thanks for the feedback and sharing about implementation.
> 
> Kind Regards,
> 
> Mark
> 
> For Next Meeting Nov 16
> 
> David has complied a list of the feedback; which we are close to addressing.
> 
> *From David; —>  The biggest issues are based on implementers' feedback. Here's my recommendation as the editor (as opposed to an implementer)."
> 
> v1
> Conformance is missing ; Major schema change to add validation. (Samuli can explain)
> ‘PII Principle ID” is used without reference or definition. I assume that this is the data subject (which seems like a more intuitive name). PII Principle. i.e., the individual's name is missing.
> I think you’ll need an array of strings to name multiple third parties.
> We need an array for multiple controllers in json – this is suggested in the spec but no array is available.
> Mark Added - "Public Key should be in Data Controller section"
> Mark Added "Add Data Retention Field as suggested in v.0.9.3”
> v1.x
> Need an explanation of the relationship between the elements.
> publicKey: currently string, should this be JWK object?
> collectionMethod: table says type is object, schema says type is string, I guess string is correct
> Consent type - requests for both content and JSON structure
> Purpose termination / data retention
> 
> 
> 
> 
> 
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing <http://kantarainitiative.org/mailman/listinfo/wg-infosharing>
> 
> 
> <CR Schema v1_0_0 DRAFT3.json>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161121/6076993e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161121/6076993e/attachment-0001.sig>


More information about the WG-InfoSharing mailing list