[WG-ANCR] Re: Next Steps - Notice and Consent Receipt v2,

0€ *†H†÷
 €0€

10  `†H
e
0€ *†H†÷

 €$€‚
Content-Type: multipart/alternative; boundary="----=_NextPart_000_001F_01DB0049.494AE7E0" This is a multipart message in MIME format. ------=_NextPart_000_001F_01DB0049.494AE7E0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit ‚Yes, I can start a draft agenda and include this. From: Mark Lizar <mark@transparencylab.ca> Sent: Friday, September 6, 2024 10:23 AM To: Salvatore D'Agostino <sal@idmachines.com> Cc: wg-ancr@kantarainitiative.org Subject: Re: [WG-ANCR] Next Steps - Notice and Consent Receipt v2, Hi Sal, (ANCR WG) Thanks for tea’ing this up. The challenges to completing work, which we have discussed at length through submissions of proposals for funding, are addressed if we collaborate with DGSI, move the CR V2 work there, and then update the TP-Scheme. 27560, which is now chaired by Jan and Harsh, has a new number 27569, to add the other legal justifications to the 27560 standard. The aim is to submit a comment from ANCR, to ISO as well as via the Canadian SC27 Mirror Committee, that KI ANCR WG, is collaborating with DGSI, to submit a draft update to 27560, for 27569. Perhaps we can add something towards, addressing roles, distinguishing permission from consent, not identifying the individual be default, but making this the choice of the PII principal, with personal data control. Specified specifically to Conv 108+ - (which is mirrored by GDPR) to address Article - 13-17, 31 and 88. The so that the spec can be used by other standards to demonstrate compliance with these Articles. I am talking with Jan and Harsh about this, this week, and intend to virtualy attend the meeting for this at the end of the month. Ideally, we can approve a) the contribution and collaboration with DGSI , b) the ANCR comment submitted to Canadian Mirror Committee, and subsequently ISO for the next meeting, (aka by the end of the next week. Can you add these to the agenda? I will aim to get drafts over to the work group, asap. Best, Mark On 6 Sep 2024, at 09:31, Salvatore D'Agostino <sal@idmachines.com <mailto:sal@idmachines.com> > wrote: Dear Mark, The opportunity with DGSI, the upcoming ISO meeting, and the need to complete the publications on our roadmap, requires us to focus on these projects/publications to take advantage of this. The direction below does not change the work or the direction of what we have underway. In all cases we need to finalize the scope and get out the TPI/TPS, and CRv2. I suggest that we use the majority of the meeting to assess where we are at, and what we commit to accomplishing. Sincerely, Sal From: Mark Lizar <mark@transparencylab.ca <mailto:mark@transparencylab.ca> > Sent: Thursday, September 5, 2024 11:45 PM To: wg-ancr@kantarainitiative.org <mailto:wg-ancr@kantarainitiative.org> Subject: [WG-ANCR] Re: Next Steps - Notice and Consent Receipt v2, Dear WG, There has been some good forward movement on resolving long outstanding issues in advancing the work from the ANCR WG. Below I explain why I would like to propose that we take our v2 notice and consent receipt work to Data Governance Standards Institute (DGSI), a Canadian national standards body, as soon as possible. For those of you who don’t know, there are some known challenges to progress the notice and consent receipt work. In summary: * Originally called the MVCR [Minimum Viable Consent Receipt], it was taken too soon to ISO and named 27560 Consent record information structure, without the CISWG’s knowledge * At ISO, it was politicised and diluted by numerous national inputs until it was unable to address the core issues of notice and consent * Consent requires open and standard transparency; its strength, integrity and viability depend on it. This is why the MVCR is a notice receipt, that anyone can use to consent with, Consent is essentially based on a notice record information structure, which is what ISO/IEC 29184 is focused on, as well as some very specific laws,. able to be used autonomously to demonstrate consent * It was specified to the ISO/IEC 29100 security and privacy framework which was open, but its l‚atest update is not * It was specified for ISO/IEC 291284 Online Privacy notice and consent standard, (see Appendix D 29184). This standard is not open (exclusive), so not operational as a international transparency and identity governance standard * Finally, 27560 the consent record information structure makes a fundamental error by confusing consent (managed by humans) with permission (managed by services) * Whats more, continuing this work via Kantara has a dis-advantage, As Kantara is not a national standard body, making a Special Interest Group, for Authc with members from national stakeholder a non viable path. For these reasons and more, the ANCR WG has always been viewed as a place to incubate standards for industry and regulatory use. This is why we have worked on a companion TP-Scheme that uses this specification to demonstrate conformance and compliance. The idea being that we, the ANCR WG, work on the scheme, and support its use and extension for a Kantara programme, or one that Kantara collaborates with. The ANCR WG demo, in collaboration with a specification at DGS is what is ultimately being proposed here as the immediate path forward DGSI are now recognised, accredited to make national and international standards, and have a direct route to ISO/IEC. Even more importantly, DGSI have an arrangement with ISO because their standards are open, the standards put forward to ISO will also be free and open to access. This provides us with a clear path for our v2 Notice and Consent specification to ISO, with national regulatory input, at no cost. To this end, the next plenary for ISO is coming up at the end of this month and comment is needed next week (w/c 9 September). I suggest we put forward to the 27560 that we have a proposed v2 to be developed in collaboration with DGSI, and that we have a TPS at Kantara, to assess validity of consent, Suggesting We move the TP-Scheme forward in this context - and from this context work on the AuthC SiG. Please comment and respond before next weeks meeting (Wed 12th of September) - Mark _______________________________________________ A Community Group mailing list of <http://kantarainitiative.org/> KantaraInitiative.org Wg-ancr mailing list -- <mailto:wg-ancr@kantarainitiative.org> wg-ancr@kantarainitiative.org To unsubscribe send an email to <mailto:staff@kantarainitiative.org> staff@kantarainitiative.org List archives -- <https://mailman.kantarainitiative.org/hyperkitty/list/wg-ancr@kantarainitiative.org/> https://mailman.kantarainitiative.org/hyperkitty/list/wg-ancr@kantarainitiat... ______ Group wiki -- <https://kantara.atlassian.net/wiki/spaces/Wg-ancr> https://kantara.atlassian.net/wiki/spaces/Wg-ancr ------=_NextPart_000_001F_01DB0049.494AE7E0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable ‚<html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta = http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta = name=3DGenerator content=3D"Microsoft Word 15 (filtered = medium)"><style><!-- /* Font Definitions */ @font-face {font-family:Helvetica; panose-1:2 11 6 4 2 2 2 2 2 4;} @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:"Yu Gothic"; panose-1:2 11 4 0 0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Aptos;} @font-face {font-family:"\@Yu Gothic"; panose-1:2 11 4 0 0 0 0 0 0 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:12.0pt; font-family:"Aptos",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} span.apple-converted-space {mso-style-name:apple-converted-space;} span.EmailStyle21 {mso-style-type:personal-reply; font-family:"Aptos",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt; mso-ligatures:none;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} /* List Definitions */ @list l0 {mso-list-id:608463848; mso-list-template-ids:-932029938;} @list l0:level1 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level2 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:"Courier New"; mso-bidi-font-family:"Times New Roman";} @list l0:level3 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:1.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level4 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level5 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level6 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level7 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level8 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level9 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1 {mso-list-id:1159730770; mso-list-template-ids:349612658;} @list l1:level1 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level2 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level3 {mso-level-‚number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:1.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level4 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level5 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level6 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level7 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level8 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l1:level9 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2 {mso-list-id:1483963873; mso-list-template-ids:-583513582;} @list l2:level1 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level2 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level3 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:1.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level4 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level5 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:2.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level6 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level7 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:3.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level8 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l2:level9 {mso-level-number-format:bullet; mso-level-text:=EF=82=B7; mso-level-tab-stop:4.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue = vlink=3Dpurple style=3D'word-wrap:break-word'><div = class=3DWordSection1><p class=3DMsoNormal><span = style=3D'font-size:11.0pt'>Yes, I can start a draft agenda and include = this.<o:p></o:p></span></p><p class=3DMsoNormal><span = style=3D'font-size:11.0pt'‚><o:p> </o:p></span></p><div><div = style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in = 0in 0in'><p class=3DMsoNormal><b><span = style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><= /b><span style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> = Mark Lizar <mark@transparencylab.ca> <br><b>Sent:</b> Friday, = September 6, 2024 10:23 AM<br><b>To:</b> Salvatore D'Agostino = <sal@idmachines.com><br><b>Cc:</b> = wg-ancr@kantarainitiative.org<br><b>Subject:</b> Re: [WG-ANCR] Next = Steps - Notice and Consent Receipt = v2,<o:p></o:p></span></p></div></div><p = class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Hi Sal, = (ANCR WG)  <o:p></o:p></p><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Thanks for tea=E2=80=99ing this up.  The = challenges to completing work, which we have discussed at length through = submissions of proposals for funding, are addressed if we collaborate = with DGSI, move the CR V2 work there, and then update the = TP-Scheme. <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal> 27560, which is now chaired by Jan and Harsh, = has a new number 27569, to add the other legal justifications to the = 27560 standard.   The aim is to submit a comment from ANCR, to ISO = as well as via the Canadian SC27 Mirror Committee, that KI ANCR WG, is = collaborating with DGSI, to submit a draft update to 27560, for = 27569. <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Perhaps we can add something towards, addressing = roles, distinguishing permission from consent, not identifying the = individual be default, but making this the choice of the PII principal, = with  personal data control.  Specified specifically to Conv = 108+ - (which is mirrored by GDPR) to address Article - 13-17, 31 and = 88.  <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>The so that the spec can be used by other standards to = demonstrate compliance with these Articles.  I am talking with Jan = and Harsh about this, this week, and intend to virtualy attend the = meeting for this at the end of the = month. <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Ideally, we can = approve <o:p></o:p></p></div><div><p class=3DMsoNormal>a) the = contribution and collaboration with DGSI = , <o:p></o:p></p></div><div><p class=3DMsoNormal>b) the ANCR = comment submitted to Canadian Mirror Committee, and subsequently ISO for = the next meeting, (aka by the end of the next = week. <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Can you add these to the agenda?   I will aim to = get drafts over to the work group, = asap. <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Best, <o:p></o:p></p></div><div><p = class=3DMsoNormal><o:p> </o:p></p></div><div><p = class=3DMsoNormal>Mark <o:p></o:p></p></div><div><p = class=3DMsoNormal> <o:p></o:p></p></div><div><div><p = class=3DMsoNormal><br><br><o:p></o:p></p><blockquote = style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><div><p = class=3DMsoNormal>On 6 Sep 2024, at 09:31, Salvatore D'Agostino <<a = href=3D"mailto:sal@idmachines.com">sal@idmachines.com</a>> = wrote:<o:p></o:p></p></div><p = class=3DMsoNormal><o:p> </o:p></p><div><div><p = class=3DMsoNormal><span style=3D'font-size:11.0pt'>Dear = Mark,</span><o:p></o:p></p></div><div><p class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span style=3D'font-size:11.0pt'>The opportunity with = DGSI, the upcoming ISO meeting, and the need to complete the = publications on our roadmap, requires us to focus on th‚ese = projects/publications to take advantage of = this.</span><o:p></o:p></p></div><div><p class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span style=3D'font-size:11.0pt'>The direction below = does not change the work or the direction of what we have underway. In = all cases we need to finalize the scope and get out the TPI/TPS, and = CRv2.</span><o:p></o:p></p></div><div><p class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span style=3D'font-size:11.0pt'>I suggest that we use = the majority of the meeting to assess where we are at, and what we = commit to accomplishing.</span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span = style=3D'font-size:11.0pt'>Sincerely,</span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span = style=3D'font-size:11.0pt'>Sal</span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><p = class=3DMsoNormal><span = style=3D'font-size:11.0pt'> </span><o:p></o:p></p></div><div><div = style=3D'border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in = 0in 0in;border-color:currentcolor currentcolor;border-image: = none'><div><p class=3DMsoNormal><b><span = style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><= /b><span class=3Dapple-converted-space><span = style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> </span>= </span><span = style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Mark Lizar = <<a = href=3D"mailto:mark@transparencylab.ca">mark@transparencylab.ca</a>><b= r><b>Sent:</b><span class=3Dapple-converted-space> </span>Thursday, = September 5, 2024 11:45 PM<br><b>To:</b><span = class=3Dapple-converted-space> </span><a = href=3D"mailto:wg-ancr@kantarainitiative.org">wg-ancr@kantarainitiative.o= rg</a><br><b>Subject:</b><span = class=3Dapple-converted-space> </span>[WG-ANCR] Re: Next Steps - = Notice and Consent Receipt = v2,</span><o:p></o:p></p></div></div></div><div><p = class=3DMsoNormal> <o:p></o:p></p></div><div><div><p = class=3DMsoNormal><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black;back= ground:white'>Dear = WG, </span><o:p></o:p></p></div></div><div><div><p = class=3DMsoNormal><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black;back= ground:white'><br><br><br></span><o:p></o:p></p></div></div><div><div = style=3D'margin-bottom:8.0pt'><p = style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>The= re has been some good forward movement on resolving long outstanding = issues in advancing the work from the ANCR WG. Below I explain why I = would like to propose that we take our v2 notice and consent receipt = work to Data Governance Standards Institute (DGSI), a Canadian national = standards body, as soon as possible. </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>For= those of you who don=E2=80=99t know, there are some known challenges to = progress the notice and consent receipt work. In = summary: </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><ul style=3D'margin-top:0in' type=3Ddisc><li class=3DMsoNormal = style=3D'mso-list:l2 level1 lfo1;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>Ori= ginally called the MVCR [Minimum Viable Consent Receipt], it was taken = too soon to ISO and named 27560 Consent record information structure, = without the CISWG=E2=80=99s knowledge </span><o:p></o:p></li><li = class‚=3DMsoNormal style=3D'mso-list:l2 level1 = lfo1;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>At = ISO, it was politicised and diluted by numerous national inputs until it = was unable to address the core issues of notice and = consent </span><o:p></o:p></li><li class=3DMsoNormal = style=3D'mso-list:l2 level1 lfo1;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>Con= sent requires open and standard transparency; its strength, integrity = and viability depend on it. This is why the MVCR is a notice receipt, = that anyone can use to consent with, Consent is essentially based on a = notice record information structure, which is what ISO/IEC 29184 is = focused on, as well as some very specific laws,.  able to be used = autonomously to demonstrate consent </span><o:p></o:p></li></ul><ul = style=3D'margin-top:0in' type=3Ddisc><ul style=3D'margin-top:0in' = type=3Dcircle><li class=3DMsoNormal style=3D'mso-list:l0 level2 = lfo2;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>It = was specified to the ISO/IEC 29100 security and privacy framework which = was open, but its latest update is not </span><o:p></o:p></li><li = class=3DMsoNormal style=3D'mso-list:l0 level2 = lfo2;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>It = was specified for ISO/IEC 291284 Online Privacy notice and consent = standard, (see Appendix D 29184). This standard is not open (exclusive), = so not operational as a international transparency and identity = governance standard </span><o:p></o:p></li></ul></ul><ul = style=3D'margin-top:0in' type=3Ddisc><li class=3DMsoNormal = style=3D'mso-list:l1 level1 lfo3;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>Fin= ally, 27560 the consent record information structure makes a fundamental = error by confusing consent (managed by humans) with permission (managed = by services) </span><o:p></o:p></li><li class=3DMsoNormal = style=3D'mso-list:l1 level1 lfo3;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>Wha= ts more, continuing this work via Kantara has a dis-advantage, As = Kantara is not a national standard body, making a Special Interest = Group, for Authc with members from national stakeholder a non viable = path.   </span><o:p></o:p></li></ul><p = style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>&= nbsp;</span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>For= these reasons and more,  the ANCR WG has always been viewed = as a place to incubate standards for industry and regulatory use. This = is why we have worked on a companion TP-Scheme that uses this = specification to demonstrate conformance and compliance. The idea being = that we, the ANCR WG, work on the scheme, and support its use and = extension for a Kantara programme, or one that Kantara collaborates = with. </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>The= ANCR WG demo, in collaboration with a specification at  DGS = is what is ultimately being proposed here as the immediate path = forward </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>DGS= I are now recognised, accredited to make national and international = standards, and have a‚ direct route to ISO/IEC. Even more importantly, = DGSI have an arrangement with ISO because their standards are open, the = standards put forward to ISO will also be free and open to access. =  This provides us with a clear path for our v2 Notice and Consent = specification to ISO, with national regulatory input, at no = cost. </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>To = this end, the next plenary for ISO is coming up at the end of this month = and comment is needed next week (w/c 9 September).</span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>I = suggest we put forward to the 27560 that we have a proposed v2 to be = developed in collaboration with   DGSI, and that we have a TPS at = Kantara,  to assess validity of consent,   </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:10.5pt;font-family:"Arial",sans-serif;color:black'>Sug= gesting We move the TP-Scheme forward in this context - and from this = context work on the AuthC SiG. </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>= Please comment and respond before next weeks meeting (Wed 12th of = September) </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>=  </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><p style=3D'margin-bottom:8.0pt;background:white'><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>= - Mark </span><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><= /span></p><div><p = class=3DMsoNormal> <o:p></o:p></p></div></div></div><div><div><p = class=3DMsoNormal> <o:p></o:p></p></div></div><p = class=3DMsoNormal><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>____________= ___________________________________<br>A Community Group mailing list = of<span class=3Dapple-converted-space> </span></span><a = href=3D"http://kantarainitiative.org/"><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>KantaraIniti= ative.org</span></a><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><br>Wg-ancr = mailing list --<span = class=3Dapple-converted-space> </span></span><a = href=3D"mailto:wg-ancr@kantarainitiative.org"><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>wg-ancr@kant= arainitiative.org</span></a><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><br>To = unsubscribe send an email to<span = class=3Dapple-converted-space> </span></span><a = href=3D"mailto:staff@kantarainitiative.org"><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>staff@kantar= ainitiative.org</span></a><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><br>List = archives --  </span><a = href=3D"https://mailman.kantarainitiative.org/hyperkitty/list/wg-ancr@kan= tarainitiative.org/"><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>https://mail= man.kantarainitiative.org/hyperkitty/list/wg-ancr@kantarainitiative.org/<= /span></a><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><br>______<b= r>Group wiki --<span = class=3Dapple-conve‚
ˆrted-space> </span></span><a = href=3D"https://kantara.atlassian.net/wiki/spaces/Wg-ancr"><span = style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>https://kant= ara.atlassian.net/wiki/spaces/Wg-ancr</span></a><o:p></o:p></p></div></bl= ockquote></div><p = class=3DMsoNormal><o:p> </o:p></p></div></div></body></html> ------=_NextPart_000_001F_01DB0049.494AE7E0--  ‚ü0‚`0‚H 

B€
E#ÈDµ0  *†H†÷

0J10 UUS10U  IdenTrust1'0%UIdenTrust Commercial Root CA 10 140116181223Z 340116181223Z0J10 UUS10U  IdenTrust1'0%UIdenTrust Commercial Root CA 10‚"0  *†H†÷


‚0‚ ‚
§PÞ?™=Ô3FñoQa‚²©Og‰]„ÙSÝ(Ù×ðÿ®•Cr™ùµ]|ŠÁBá1Ptс |͛!«C⬭^†nó ŠZ2œ¢ë”ùè\ ìÿ˜Ò¯q³ŽSŸN‡ï’ŒœìO20ˆK^WÄSÂö—Ùb+¿$bßÞ)KIx<“`ˆ"ü™Ú6È¢Ô,Tg5ns¿Xð€Ýå°¢&zÊà6¥õý·ï®?@õmZýÎ4Ê$Üt#]3]Ä
%ö0Ý]ŸàÕGœŽë¡»II؟[óŠä$äbOOÁ¯‹tšÑrˆjz
IÌŽFyƱژYúu!…eݐVÎû«¥`ÄùR°‹œ‡ù+# #v;÷3áÉóiùK¢àNŒ~“9„÷Dp~þZ屬ÑÌò5åIIÊVÉ=û}‹;ÁÂMÉO7é¡jßb.Ë5Qy,È%8ôúK§‰\œÒã 9†Jt|ÕY‡Â?N\Rô=÷R‚ñ꣬ýI4(óAˆ:îèÞÿ™_ºËèò¹P`À1Ósåí3tŸ ÄglðzU€FN–§ô>áöØ á3d+c×2^ŸùÀ{xo—Œ“šùœxz€‡×rtœUtx±ºánpºO ºhÃ{ÿ1ðs==”*±A þMˆeky3Ž×

£B0@0U

ÿ
0U

ÿ0

ÿ0UíDÀÓð‹î€{ŸBç&TȎ6v0  *†H†÷

‚
®2öŠK|Dva'(Í^Tï%Œãù)×®há”Xï..~SRŒ¶\ꈺ™‹P”ׂ€ßa “­ æÎÁò7”x°_œ³¢sž“8͍>°žûÀϱòì--Ì쪚³ª`‚-;Ä=WŠ–œužÓ0Í`ƒÓŽTñMfÀ]t@£î…~ÂwœèÁ§]R•íÉÝ%žmú©í£:4ÐY{ÚíPó5¿íëM1Ç`ôÚñ‡œâHâÆÅ7ûúuYf1G)Úvš邮Q÷ˆ#ši•b<åU€6×Tÿñ¹]ÎÔ#oØE„J[eï‰ݧ Ë¥%Ž ù
ð¢ÒôÈtŽ¡*HŽeÛÄâ%}럇[ TQ“JSì]Ê3íbýEÇ/[ÜX €9æú×þŠí=”JBtÔÃwYs͏FŸU8ïúè‘2ê—X"Þ8ÃÌŒmÉ3:j i? ÈêrŒc†#œm<–ž•àILª¢¹*œ6xíÃèFâ&YDuÙu‰QÍ„a`Ë]ù—"MŽ˜æãö[»®ÍÊJk^óQát+é~'§Ù™INø¥€Û%cbŠÉ3gk<ƒÆ­ÞšÍŽð7qŸò«üAõÁ‹ì7] åN€ïú±\8¥JáÜ8-<Ü«ÕJœîÑplÌîôWøº„n‡0‚œ0‚„ 
@
žáê<zÌ>BO„˜0  *†H†÷

0:10 UUS10U  IdenTrust10UTrustID CA A140 240425192606Z 260426192506Z0M1!0 *†H†÷

sal@idmachines.com1(0&UA01410C0000018F16B8E1DC00130CBB0‚
"0  *†H†÷


‚
0‚
‚

žêPV”_›FŒÞÇYÞ»1w@ ÿÈÈr/n䜻uo‹BŠZ@^üȌ €»‡wýVá!Ž˜ó‡}gk°

:¥4:ütÅe"°³Xɺ&XºðpÓ²œ”>º’˜EÍ?z ¬bœ^5á¯ôRiÓïVOgLaèÕ².úrÑF~ÃöÕ?ô5,Ë
™Åú2¯áâœú"Eƕš­•Ž›5õ4Åk~C†…ŽP*Òf‡nTnhğÈ*£}ÞIŒºÝ€VÛÄ—TÞĊEh\8º‡º ù]BÊÑÈQ…i1¢/vNþŠÆk'’5²;6ÿËènë®0 |=

£‚
‰0‚
…0U

ÿ00U

ÿ 0„+


x0v00+
0
†$http://commercial.ocsp.identrust.com0B+
0†6http://validation.identrust.com/certs/trustidcaa14.p7c0U#0€ÂÔD™ qÏHVŸŽh8\§·÷EŒ0#U 00 g

0 `†H
†ù/
0EU>0<0: 8 6†4http://validation.identrust.com/crl/trustidcaa14.crl0U0sal@idmachines.com0U6(Óqï/ØD@Ø;lmXæSE~0U%0 +
0  *†H†÷

‚
°`ó0Äùê2`'3™–V-ŠÔý.ÛvéñNF‰$~L/2†A2õþ€èCŠ(á£Ãüûdï\×;!)GùÓ¬NÍÏÐÖ®ê˜òrš¥%]TaË#ÑQ÷²ŸÖ/ªÆÛä$]IÙNØCÓ*Yœµ°ôHàî+Ȋ壪aóò‘œyJl[RU‰†*wœZº•é%¹v9N6–¬N}íàœ³so4=µ#Ü)„}MÅQWãQüÊoHÖþÿ©€ðMoÊÌ^ªê,®‹j³± Li;I)¡Øâ&È:÷—€ôÿՋ”ç<fëñA±°ßÙm°x~š-Çu<ΐ˜ýŒ>>U±5íkªmÀÇÏë€|Ô`îME“‡aˆ³ž©)&€sGriûi=њïfhµîuø$Ѐqà 6ÅÆ<™A<šÄލArƒ7À¢dŒÀ£0ŠbZ’Í»ÄÏž.î£ú§™Bì)

! Ûª¬Éã#jÕäb‰ß“úätâV\—1”èÑÄNŽ ÓÝÝ ^ÐGŠÜ]šb¹ÜÞFûn­}Ácô2’ŽÅ]OÝ 1ö)ÉË .†"La\‘W!!ì˜Rjž­[Ø@ðҐ{ìKÆ+ÜZ3ٙ%¯Áf{ž"ÀƒË7WF¯€\¬1vyӮĉ0‚ô0‚Ü 
@
‰ÿÒiÚwÂéÕM’M0  *†H†÷

0J10 UUS10U  IdenTrust1'0%UIdenTrust Commercial Root CA 10 230816192846Z 330812192845Z0:10 UUS10U  IdenTrust10UTrustID CA A140‚"0  *†H†÷


‚0‚ ‚
è©õŒ±éäÙËíX€ËF`e‰ð—¬ûÃA`kX»0DžÙ9b€ÜrÁ…›ñRñÕ׫²3È÷‹6u/!²Öa§? Œ§8lxn×î™%ûf¬<€²Ñ»X$=-
Ÿ‰à§Æ„Í£Eðiù’ëžÅFÖ{ePH»òÒßqEK tG˜€%œ£¹yP2`A6ìL[Nä\͘ҧ»Ó À[:‘«CQR ã™L|7ž0ídj¢Et«¹}Ì •u÷@ž òxb× Æ°K=°1dªØØWÐ.ïvkª r Xý(bšFr|qG ԉñ³ÿ£|\3òÚtÈ:ÒXTߌô…Bp`¡Â`”•@±[xoÄR^.W°ŠöŠ@Á„ƒÃéž7¯Ì;Œ=Us¯Ø$YÂîníºË*tÅùÛò\† oþåê'Y‘. xp,¬\¿åù!³I.EÛË7ߒÔh—Ž[ˆP:4£ÿ]|×2`vZXtZ+cÒŒ~ÚÖP!!4Ó3“aózG]w—Ëí=.DÜ"X¯jë]êq?偧â!»‚aææVBJFQCj)(ñ"• êÀÈ"
ˆ©&?žR§gßûƒ‹--Ùùt=€µK7w‘¬eÀ#×k%ã3Ö)ŠÁåwsšxh:ÂÝ 8Ÿmí&Û5®€i"\OŽEÝ

£‚
ä0‚
à0U

ÿ0

ÿ
0U

ÿ
†0‰+


}0{00+
0
†$http://commercial.ocsp.identrust.com0G+
0†;http://validation.identrust.com/roots/commercialrootca1.p7c0U#0€íDÀÓð‹î€{ŸBç&TȎ6v0_U X0V0TU 0L0J+

>https://secure.identrust.com/certificates/policy/ts/index.html0JUC0A0? = ;†9http://validation.identrust.com/crl/commercialrootca1.crl0UÂÔD™ qÏHVŸŽh8\§·÷EŒ0AU%:08+
+
 +

‚7  +

‚7 +

‚7 0  *†H†÷

‚
•ò][i]ãR®hÝE#+ 9’q’7%‰,˜Lyaž`VRÐے|ìAs«ÊœkYPÄ܏dw S_ǔS¡Šá°ˆèö(1Ü@ žæŒ&tš-B9̧å˜Ú“Tt³Ý¿xQ¿0_¬óã°lÏ>Çc@±]NDì[£]ùb9"
f›“kj¬ØçÀɬ“Å»µû]5O®šªJ}ø@/S䗁":MÄ ››¥ÜI
p’Î-'- W™Ì»/MNΟaŒ@,µˆtí ¿ۙøÎxÒ]ªK'EhŽ2»‡ëô¬EØÍìÁjìñƒ“K³Ô g£JGÌüž«b]aÕ6„췁»m>Ë¡Ér"HA)ãÔ®r"D‰Šë$™\4Áì­wš"0ØëQœ%Dœ‘Їg†ë˜‹ZÏ]\ח¹IŽ¶l#@0â èÜ’;š£_àº,•÷íèjA=UéO‰Æ0üôȐÖAg!Y6 ô*s!YT™–ÉŒ¿é©J^íxàÝN}ý+Š°L%Rm
ü?â›™“/[ìs$ßÃÿeZ((ôjˆœ›dÓ±x*EB;2‹SšDåêìÄXyÈ͈Ï3ké/ÒysáÎZªf²žÍ~º£±}EÐ*)K]b8NU¢f1‚<0‚8

0N0:10 UUS10U  IdenTrust10UTrustID CA A14@
žáê<zÌ>BO„˜0  `†H
e
 ‚
¿0 *†H†÷
1 *†H†÷

0 *†H†÷
1 240906144109Z0/ *†H†÷
1" žÕ“Å1ȉ•¿*!°Å>Yƒ»ÀºœA D*¥zÎ0] +

‚71P0N0:10 UUS10U  IdenTrust10UTrustID CA A14@
žáê<zÌ>BO„˜0_*†H†÷
1P N0:10 UUS10U  IdenTrust10UTrustID CA A14@
žáê<zÌ>BO„˜0“ *†H†÷
1…0‚0 `†H
e
*0 `†H
e
0 *†H†÷ 0 `†H
e
0*†H†÷ €0 *†H†÷ 
@0 `†H
e
0 `†H
e0 `†H
e0+0  *†H†÷


‚
$¿ËÔÕ~NžQý1œœë!ÞKTe,®'ûZa\ˆc#»}‘hA}ˆkÊÞ͉ŒQÓo¡Ÿº€±
™Aoÿ-ö"`ÄÇóN ÷”²eúnBÁDê Ô;2é@t?"ï¿ßSþ¯ÞN–ŸdóI±[+lñH8D±ç¥ÊÓÕYPe!lŒ‘ÜB»Í ùk4šÖÔe;\çaÖ«)W`Û%Nç /àôÊA|*`Ê!uT!tGiŒ&0ÒT¹Ã\“›JŒ#ÖÈÍS~åîzCÿ L"k¯˱­„_¢ò˜à¬è¥1Û9Ìþne[Ö€è(ì[ÀÎá