[WG-InfoSharing] Fwd: CR - Implementors Feedback

Mark mark at smartspecies.com
Mon Nov 21 03:00:22 CST 2016


FYI

Fwd from Joss - seems he is not permission for the WG mailing list yet.


> Begin forwarded message:
> 
> From: Joss Langford <joss at coelition.org>
> Subject: RE: [WG-InfoSharing] CR - Implementors Feedback
> Date: 21 November 2016 at 08:35:14 GMT
> To: Samuli Tuoriniemi <Samuli.Tuoriniemi at oulu.fi>, David Turner <david.turner at voltagegate.com>, Mark <mark at smartspecies.com>
> Cc: "wg-infosharing at kantarainitiative.org" <wg-infosharing at kantarainitiative.org>, Simon Crossley <scrossley at mylifedigital.co.uk>
> 
> Samuli <>
> 
> This is very helpful stake in the ground. Thank you.
> 
> ·         I notice that that publicKey is outside the dataController object. I think the specification needs to set who/what this is a public key for. If it is for the agreement, it is the right place, but who controls it? If it is for the data controller then it needs to be inside that object.
> ·         You have specified the data controller address as an object – which I think it right. How do we specify the fields in that object, both technically within the schema and the standard?
> ·         I see you have included ‘oneOf' – is this in the latest spec? I don’t understand its purpose if it is.
> 
> Best regards
> Joss
> 
> 
> 
> This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
> Coelition is a non-for-profit company limited by guarantee registered in England & Wales (8402657) 48 Chancery Lane, London WC2A 1JF
> 
> From: Samuli Tuoriniemi [mailto:Samuli.Tuoriniemi at oulu.fi]
> Sent: 20 November 2016 13:56
> To: David Turner <david.turner at voltagegate.com>; Mark <mark at smartspecies.com>
> Cc: wg-infosharing at kantarainitiative.org; Joss Langford <joss at coelition.org>; Simon Crossley <scrossley at mylifedigital.co.uk>
> Subject: RE: [WG-InfoSharing] CR - Implementors Feedback
> 
> Hi,
> 
> Attached fixed schema.
> List of changes:
> -Changed “address” type to “object”
> -Changed ”required” : ”jti” -> ”consentReceiptID”
> -Added: “minimum” :0 to “consentTimestamp
> -Moved “policyUrl” to correct place
> -Removed format keywords
> -Removed “retention”
> -Removed "additionalProperties": false
> 
> -Samuli
> 
> From: David Turner [mailto:david.turner at voltagegate.com <mailto:david.turner at voltagegate.com>]
> Sent: 18. marraskuuta 2016 23:15
> To: Mark
> Cc: wg-infosharing at kantarainitiative.org <mailto:wg-infosharing at kantarainitiative.org>; Joss Langford; Simon Crossley; Samuli Tuoriniemi
> Subject: Re: [WG-InfoSharing] CR - Implementors Feedback
> 
> Sigh, it must be Friday. Samuli let me know that I sent the wrong file. This is the correct one.
> 
> Sorry about that.
> 
> On Fri, Nov 18, 2016 at 12:53 PM, David Turner <david.turner at voltagegate.com <mailto:david.turner at voltagegate.com>> wrote:
> Hello all,
> 
> I have attached the schema that Samuli modified to add proper validation. (thanks Samuli). I also changed "jti" to "consentReceiptID" because "jti" is a reserved name in JWT, and I added dataRention (see below).
> 
> >>> Mark Added - "Public Key should be in Data Controller section"
> [dt] I don't agree. Each receipt will have just one key. If there are more complex scenarios requiring multiple keys from different authorities then we can deal with that in a future version, or we can assume it will be an implementation-specific detail.
> 
> >>> Mark Added "Add Data Retention Field as suggested in v.0.9.3”
> [dt] I added this to the attached schema as a "string", like purposeTermination. Mark, please provide text for the field description.
> 
> David
> 
> On Wed, Nov 16, 2016 at 4:15 PM, Mark <mark at smartspecies.com <mailto:mark at smartspecies.com>> wrote:
> Hi Everyone,
> 
> We have had a lot of last minute feedback from people leading consent receipt implementations.  As it happens, this feedback is just in time, as we have the opportunity to go through it tomorrow on the call.
> 
> So to begin with I want to thank the implementors for your feedback, as well as welcome these gentlemen to the work group.
> 
> Simon Crossley - from My Life Digital - running a team looking to launch next year
> Joss Langford - from Coel - OASIS - looking to integrate the consent receipt into the Coelition ecosystem
> Samuli Tuoriniemi -  from My Data and the University of Oulu integrating consent into My Data Operator
> I hope the three of you can make the call tomorrow to discuss the outstanding items.  (The call is at 3:30pm UK time <https://global.gotomeeting.com/join/983443893> - )
> 
> Thanks for the feedback and sharing about implementation.
> 
> Kind Regards,
> 
> Mark
> 
> For Next Meeting Nov 16
> 
> David has complied a list of the feedback; which we are close to addressing.
> 
> *From David; —>  The biggest issues are based on implementers' feedback. Here's my recommendation as the editor (as opposed to an implementer)."
> 
> v1
> Conformance is missing ; Major schema change to add validation. (Samuli can explain)
> ‘PII Principle ID” is used without reference or definition. I assume that this is the data subject (which seems like a more intuitive name). PII Principle. i.e., the individual's name is missing.
> I think you’ll need an array of strings to name multiple third parties.
> We need an array for multiple controllers in json – this is suggested in the spec but no array is available.
> Mark Added - "Public Key should be in Data Controller section"
> Mark Added "Add Data Retention Field as suggested in v.0.9.3”
> v1.x
> Need an explanation of the relationship between the elements.
> publicKey: currently string, should this be JWK object?
> collectionMethod: table says type is object, schema says type is string, I guess string is correct
> Consent type - requests for both content and JSON structure
> Purpose termination / data retention
> 
> 
> 
> 
> 
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing <http://kantarainitiative.org/mailman/listinfo/wg-infosharing>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161121/628681a8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20161121/628681a8/attachment-0001.sig>


More information about the WG-InfoSharing mailing list