Time | Item | Who |
---|---|---|
5 min | Introductions | New group members |
2 min | Welcome & antitrust policy notice | TBC |
Review of group's Google Doc and next steps | Everyone | |
3 min | Wrap up | Chair |
10:03:13 From Robin Renwick (IE) to Everyone : hello. I am here officially in an observer capacity as IP issues are not yet signed. Thank you. 10:03:27 From Trev Harmon to Everyone : Hi Robin. Happy to have you join us. 10:09:02 From Drummond Reed to Everyone : Ann, great to have you join us 10:12:19 From Drummond Reed to Everyone : +1 to those suggestions 10:14:52 From Jim StClair to Everyone : I can assist with security strandards 10:28:44 From Drummond Reed to Everyone : Yes, the Credential Formats, Signatures, and Exchange Protocols Drafting Group will be specifying the on-the-wire security. The rest of it will be wallet hosting (as Tony is saying) and key management. 10:29:05 From Drummond Reed to Everyone : That is where the list of data security standards at the start of the call come in. 10:31:08 From Drummond Reed to Everyone : This is where we can in fact specify the purpose and use limitations. 10:36:05 From Jim StClair to Everyone : I know Jan is on here, so let me add that ISO 29100 can be considered for Privacy as part of the framework 10:36:57 From Drummond Reed to Everyone : I really like the idea of this very specific purpose and usage limitation 10:39:17 From Jim StClair to Everyone : Retain data as permitted by consent 10:40:37 From Robin Renwick (IE) to Everyone : +1 to the ‘classification of personal data’ conversation! - it’s the basis of the legal basis, and the legal implications. 10:41:29 From Drummond Reed to Everyone : There is definitely personal data transmitted as part of a verifiable credential proof transmitted to the verifier. However we are saying the only data retention allowed is what is necessary for legal compliance. 10:44:56 From Jim StClair to Everyone : This also means “forcing” agreement of minimal data sets and abstraction of data from rules determinations 10:46:10 From Drummond Reed to Everyone : Yes, Jim, we could also do that. It feels like we need to specify the purpose and data retention limitations. 10:48:22 From Drummond Reed to Everyone : This is a key reason we want to require zero-knowledge proof (ZKP)-based credentials. 10:48:57 From Jim StClair to Everyone : +1 to both 10:50:05 From Jim StClair to Everyone : It’s personal data elements without compromising PII/PHI 10:50:55 From Tony Rose to Everyone : Bbs+++ 😎 10:53:07 From Drummond Reed to Everyone : +1 to this being part of Privacy and Data Protection 10:53:36 From Robin Renwick (IE) to Everyone : https://ec.europa.eu/info/live-work-travel-eu/coronavirus-response/safe-covid-19-vaccines-europeans/covid-19-digital-green-certificates_en#documents 10:55:13 From Drummond Reed to Everyone : +1! 10:55:22 From Jim StClair to Everyone : https://www.cigionline.org/articles/whats-really-stake-vaccine-passports 10:56:51 From Drummond Reed to Everyone : This is hugely important policy decision about purpose limitation and data retention limitation. It could be one of the hallmarks of what distinguishes a Good Health Pass! |
Action Items