/
2023-03-24 - Weekly Update

2023-03-24 - Weekly Update

Owned by Benjamin Balder Bach
Last updated: Jun 29, 2023 by PSRAMKUMAR
4 min read

Mar 24, 2023

About this document: Agenda and notes are kept in the same document, a separate copy of the document is maintained for each meeting. Please add agenda points before the meeting. Action items created in previous meeting and all other unresolved action items are kept in the document. Please tick off any completed items.

Meeting link: https://meet.google.com/rsf-cqaq-eyq at 08:30 UTC / 09:30 CET / 14:00 IST

Attendees

  • @Ain Aaviksoo (Deactivated) (meeting facilitator; meeting note keeper as Benjamin was in the train today)

  • @Philippe Page

  • @Benjamin Balder Bach (weekly note keeper and time keeper)

  • @sasi

Meeting Note

Agenda

Presenter

Discussion

Agenda

Presenter

Discussion

Action points from last week

@Ain Aaviksoo (Deactivated)

Discussed and resolved

Updates from TC meeting (fixed)

@Ain Aaviksoo (Deactivated)

CON-75: Update Consent Specification for Version 1.0 releaseDone to be finished with CON-76: Remove Section 4 - Key Digital FunctionalitiesDone under review

@PSRAMKUMAR to review the GitBook PR GitBook Ain created

House-keeping

@Ain Aaviksoo (Deactivated) and @Benjamin Balder Bach

Action items and postponed agenda items cleaned up

Non-functional security requirements for ID and consent?
(for next meeting)

postponed for next meeting

Should we add inputs to general Non-functional security requirements regarding consent? Training requirements for staff?

Gherkin scenario writing discussion

Everyone

Specific questions discussed from Ain’s work on Gherkin Scenario drafting document

 

Additional roadmap item discussion: Configuration for callers of APIs: RBAC for agreements?

@Ain Aaviksoo (Deactivated) added as comment @Benjamin Balder Bach has an idea for a follow-up
postponed for next meeting

@Ain Aaviksoo (Deactivated) will add to CON-1: Consent Specifications v2.0In Progress

House-keeping our action items etc

 

Completed

Social Cash Transfer

 

Add to CON-1: Consent Specifications v2.0In Progress ticket with the links to relevant discussion by other groups @Ain Aaviksoo (Deactivated)

Question from Sasi: is there any way to that multiple parties can interact with each other based on a broader agreement rather than a one to one agreement?

postponed for next meeting

Note keepers notes: We’ll probably have to take this one up at a later meeting because we didn’t get to an action item on this one.

to write the outcome of discussions with @Philippe Page 2w ago @Ain Aaviksoo (Deactivated)

Payment Use-Case

@Ain Aaviksoo (Deactivated)
postponed for next meeting

What are consent-related aspects of the Payment UC?

Add to Spec 2.0 as a ticket @Ain Aaviksoo (Deactivated)

Scope and service registry?

@sasi @Ain Aaviksoo (Deactivated)
postponed for next meeting

What are our next actions on registering required scopes for BB services?

This agenda point seems (today) a bit vague, so that the decision is we will close it for the time being until called again with a specific request for action.

For future reference some keywords discussed:

What is the scope of data from other building blocks even before we can create a consent?

Whether an individual can record a consent?

“Consent management” definition

@Ain Aaviksoo (Deactivated)

We renamed “Consent Management BB” to “Consent BB”. Is there a useful definition of “consent management” that we can apply?

Decision: close the agenda point as “resolved”

New issues

@sasi

  • What do we expect other BBs that call Consent-BB to store?

  • When do we like to use Consent-BB and when do we not expect this? (This should also be know to the auditor.)

Discussion: How shall we address such matters, which do not fit into specification format?

@sasi will articulate in Consent BB FAQ these questions to be addressed
(the group can then address them and decide where and how their later proper “place” will be)

New issue

@Benjamin Balder Bach

We need perhaps more general “BB prerequisites for integrating with Consent BB or something” (in addition to tech spec)

@Benjamin Balder Bach will start revisiting, what’s been written in Consent BB FAQ already in Confluence;
If needed, create another page “to help understand the use of Consent-BB Tech Spec”

Audit use cases test spec and potential update

@Philippe Page

Accepted to start working as suggested by Philippe

CON-89: Document Consent BB use for different Audit ScenariosIn Progress

Toi be agreed over the next week Descriptions within Jira to keep the scope manageable

@Philippe Page will finish the initial descriptions and commit himself to the ones he feels appropriate

CON-93: Document what are audit trackerAccepted

CON-90: Document Consent BB use for Third Party external auditAccepted

CON-91: Document Consent BB use for Individual (e.g. consentee) auditProposed

CON-92: Document Consent BB for a ControllerProposed

If any task is missing - anyone is free to add one

Security, Privacy aspects - we need someone to contribute for us (especially if this is not only done by an human) @Ain Aaviksoo (Deactivated) to see if we can find “central” resources to contribute here

Need to think how far a volunteer work can carry us with this “mission-critical” service

Spec 2.0

Everyone

Create Jira tickets for the suggested new points under CON-1: Consent Specifications v2.0In Progress @Ain Aaviksoo (Deactivated)

New Action Items

Action Items from previous meetings

Presentation of API endpoints, mocks and tests for technical committee meeting Thursday @Ain Aaviksoo (Deactivated) (blocked / reminder)
Compliance concept - @Ain Aaviksoo (Deactivated) (blocked / reminder)
We need a meeting around verifying or gathering input from the Working group on the sequence diagram in https://govstack-global.atlassian.net/wiki/spaces/GH/pages/149946386 @Ain Aaviksoo (Deactivated) will call for this.
@Ain Aaviksoo (Deactivated) schedule to review Social Cash Transfer Use Case.
@Benjamin Balder Bach look at previous notes to embed OpenAPI in GitBook and send a note to Ramkumar
@Ain Aaviksoo (Deactivated) add and maintain definitions for subjects of Gherkin scenarios
Get GitBook invite for @Philippe Page
@Philippe Page sign up to GitBook via GitHub or tell @Ain Aaviksoo (Deactivated) what your existing signup email is.
@Benjamin Balder Bach create a variety of simple Gherkin scenarios for registering an individual so it’s clear that the Consent BB doesn’t care about the type of ID and how it stores external references.
@Philippe Page Create a Jira issue discussing to create a confluence page that has new scenarios which can illustrate why a modular system like GovStack benefits from using Consent IDs that aren’t directly mapped to functional IDs. Ultimately to mature into specification, maybe Gherkin scenarios.
@Ain Aaviksoo (Deactivated) consider if the decision to have “external ID” and “external ID type” referencing Individuals is relevant for the Key Desicion Log (if it’s not already there)
@Benjamin Balder Bach Next steps on: Audit filters w/ temporal logic, Audit data, New fields that we need to store: Application IDs, Traceable IDs + modify “forgettable” in the sense that consent record may be deleted once a specific service has been delivered and the consent is no longer eligible.

Decision

  1. We agree with Steve about the 2 visual diagrams in “7 Data Structure”, we will keep the drawings and avoid any auto-generated models for now.

Related content