General update (5 min)

@Ain Aaviksoo

Note: meeting cut short to 30 minutes

Kanban board + Action points from last week

Update from iGrant

New members for working group

@Benjamin Balder Bach

Coordination with Community Growth Team has yielded the following process:

• Community Growth Team creates an invitation for a WG

• WG sends Community Growth Team any feedback

• WG sends Community Growth Team a shortlist of people (name, email/linkedIn) they'd like to have invited directly + any annotations for a personal invite

• Community Growth Team sends the invites

So we can come up with a short-list for the Consent BB WG and then a GovStack community growth member can reach out officially.

Discussion: We need clearly defined future goals for the WG before inviting new members. Ain will lift this for the TC

Discussion on Identity Management situation, some recent criticism, and the general GovStack approach (15 min)

Lal mentioned that DDX Solution User-Managed Access - the research is documented.

Ain would like to have a clear discussion about about the large-scale intiatives around Identity Management and how it influences consent and how we integrate with them.

Lal mentions that the approach of this analysis was systematic and is worth publishing as a finding.

Phillippe mentioned that we/GovStack should take advantage

Offline consent

in preparation for next meeting

Notes from previous meeting:

• on-demand consent is perhaps less of a “practical” need for Government use-cases, since government usecases often have a legal basis (legitimate interest/obligation etc)

• Ain notes that it’s the role of the application (not the Consent BB) to produce “on-demand” consent, so the Consent BB supports this scenario, however it does not directly facilitate it.

• We can think of our specification text with the reader in mind. In this case, we can support readers looking to “plug in” the Consent BB in a data transaction in order to guide their understanding towards best-practice consent design and app architecture.

To summarize this, we believe that it’s possible to include “on-demand” consent by describing how an application can use the Consent BB for this scenario. This can be a section in the specification. [immediately after the meeting, this has been captured as a candidate for the FAQ section]

We’ll continue this discussion in the next meeting to cover other aspects of offline consent that are relevant to our immediate roadmap.

Note from original meeting: We had to postpone this. Note that we’re trying to figure out a terminology here. “On-demand” consent was used to emphasize the risks of this kind of thinking, but “offline consent” will help us capture the broader nature. Everyone is encouraged to think about terminology

Consent delegation

skipped

• CON-52: Consent delegationIn Progress

• Where is the relationship between individuals stored?

  • The application is aware of it?

  • Another BB is aware of it?

  • Auditing should be able to verify it

Review necessary Gherkin scenarios to implement

@Benjamin Balder Bach Skipped

CON-15: Create test configuration for Consent Configuration APIsIn Progress