General update (5 min)

@Ain Aaviksoo

• News from Technical Committe meeting

Ain has presented to the TC that we can contribute on a voluntary basis, but we need more clarity about the future of the BB and Govstack.

Ramkumar shares that some structures will accommodate to smaller team sizes. Ramkumar reflected on the general situation with lots of global conversations coming together shouldn’t stall development of the BB.

Kanban board + Action points from last week

• Consent BB Spec 2.0 scoping
  https://govstack-global.atlassian.net/jira/software/c/projects/CON/boards/61?quickFilter=109

Ain proposes that we keep the current structure of the Kanban board. There are certain items marked as “in progress” and the group agrees that they are all in progress.

Update from iGrant

Sandbox integration WP3 is ongoing, and the Sandbox integration is ready. Only the documentation is needed.

Test compliance is being worked on now, too.

WPs and Deliverables

UI/UX and specification

@Lal Chandran

• The UX/UI in Consent BB spec as a “strong guideline”

• Consent BB feedback to the GovStack UX/UI guidelines
  4.3.6 Asking users for consent | GovStack Specification

Lal: We should define key UI components and make comments to this proposal.

We need the UI/UX guidelines to be factually correct and introducing consent at the right level. Readers (application designers, architects etc) will understand the Consent BB often with this entrypoint.

We can supply sequence diagrams of API calls to support UI/UX diagrams. Govstack’s value will be quite obvious if the user can move easily from UI/UX wireframes to API implementation.

Requirements for DDX has included UI. It seems unclear if UI/UX is part of the Consent BB.

A “Data Agreement” is very specific about what the UI should do, as well as the Privacy Dashboard.

Noting a clear consensus in the meeting around having a Privacy Dashboard

Spec 2.0

@Ain Aaviksoo

• Current specification’s consent definition to introduce Data Agreement
  CON-191: Update Chapter 2 - Description of the specification v2In Review (in Review)

Ain motivated the changes and we agreed to continue discussing the text in writing.

Offline consent

in preparation for next meeting

Notes from previous meeting:

• on-demand consent is perhaps less of a “practical” need for Government use-cases, since government usecases often have a legal basis (legitimate interest/obligation etc)

• Ain notes that it’s the role of the application (not the Consent BB) to produce “on-demand” consent, so the Consent BB supports this scenario, however it does not directly facilitate it.

• We can think of our specification text with the reader in mind. In this case, we can support readers looking to “plug in” the Consent BB in a data transaction in order to guide their understanding towards best-practice consent design and app architecture.

To summarize this, we believe that it’s possible to include “on-demand” consent by describing how an application can use the Consent BB for this scenario. This can be a section in the specification. [immediately after the meeting, this has been captured as a candidate for the FAQ section]

We’ll continue this discussion in the next meeting to cover other aspects of offline consent that are relevant to our immediate roadmap.

Note from original meeting: We had to postpone this. Note that we’re trying to figure out a terminology here. “On-demand” consent was used to emphasize the risks of this kind of thinking, but “offline consent” will help us capture the broader nature. Everyone is encouraged to think about terminology

Consent delegation

skipped

• https://govstack-global.atlassian.net/browse/CON-52

• Where is the relationship between individuals stored?

  • The application is aware of it?

  • Another BB is aware of it?

  • Auditing should be able to verify it

Review necessary Gherkin scenarios to implement

@Benjamin Balder Bach Skipped

CON-15: Create test configuration for Consent Configuration APIsIn Progress