Responding to Mark and Lisa,

 

Lisa, Thanks for the pointer I will take a deeper look, I did not have the chance to do a deep dive in this area.

Mark, It is great to hear that this is of interest to you too. Let’s see how the discussion shapes up around this.

 

We had discussions around the use-cases you mentioned, but cannot seem to find the pointers to them.

 

--Cigdem

 

 

From: "Mark @ OC" <mark@openconsent.com>
Date: Wednesday, 8 May 2019 at 16:01
To: Cigdem Sengul <Cigdem.Sengul@nominet.uk>
Cc: Andrew Hughes <andrewhughes3000@gmail.com>, Tim Reiniger <tsreiniger@gmail.com>, "wg-uma@kantarainitiative.org WG" <wg-uma@kantarainitiative.org>
Subject: Re: [WG-UMA] Business model telecon notes for 2019-05-07

 

HI Cigdem, 

 

This has been a topic of interest for some time now.   Eve/Tim, if I recall,  have you both done a lot of work in terms of consent directives? (I have been out of the loop for awhile) 

 

Would anyone happen to have a pointer to the use cases for digital death scenario's or for when a person becomes an adult and wants to take over their own consent ?  (Personally, Its a great idea to update a profile with consent scopes and to link this to resource) 

 

Perhaps we can discuss via EIC ? 

 

Mark 

 



On 8 May 2019, at 13:47, Cigdem Sengul <Cigdem.Sengul@nominet.uk> wrote:

 

Thank you, 

This is very useful information. 

 

I brought up consent receipt in the call because I am wondering whether it is possible to enhance offer-negotiate-accept terms-record flow for consent receipts.

 

Namely, I’ve been thinking about whether consent receipt can act as a seed for creating a user policy and/or machine readable license which may be used to authorise future interactions of the user with the same service (which may be used by UMA AS).

 

Thanks,

--Cigdme 

 

 

 

 

From: WG-UMA <wg-uma-bounces@kantarainitiative.org> on behalf of Andrew Hughes <andrewhughes3000@gmail.com>
Date: Tuesday, 7 May 2019 at 18:45
To: Tim Reiniger <tsreiniger@gmail.com>
Cc: "wg-uma@kantarainitiative.org WG" <wg-uma@kantarainitiative.org>
Subject: Re: [WG-UMA] Business model telecon notes for 2019-05-07

 

The conceptual model that we have introduced in the Consent & Information Sharing WG is a simplistic version of concepts of contract/agreement law.

 

a) A 'vendor' makes a 'service' available

b) A 'person' discovers the 'service' and wishes to try it

c) The 'vendor' offers terms which describes the exchange of 'valuable consideration' i.e. services for money; product for goodwill; whatever for whatever...

d) The 'person' reviews and accepts or rejects the terms

e) Both parties have a 'meeting of the minds' and form an intent to make an agreement, then enter into that agreement 

f) Record keeping happens

g) The 'valuable consideration' is exchanged

h) The agreement ends at some future time for one of many possible reasons (completion of service or time are very common)

 

Clearly the exact sequence is case-specific. Also, there are many variations around offer-negotiate-accept terms - for user-centric and VRM-type flows, the first offer might be from the person rather than from the vendor. And so on.

The Personal Data Receipt (a.k.a. "Consent Receipt") arises at f). 'Vendors' keep records of agreements and interactions for operational and potentially regulatory reasons. Individuals are never offered a 'receipt' unless the interaction is a sales transaction (and even then, not always). The Personal Data Receipt is intended to be the person-side record that, once enough are accumulated in the person's vault/wallet, can be analyzed in the same way that Quicken or Mint analyses and manages financial statements and receipts.

 

An imperfect flow diagram of the above is here: 

with more text here:

 

On first glance, the "machine readable licence" shows up in c), d) and f). The specific form of the license is secondary to my mind - as long as it identifies the parties, describes the terms, describes the restrictions, and is tamper-evident - there are a few other properties...

 

So the 'consent receipt' is definitely not the same thing as the 'machine readable license' - but they probably occupy the same place in the 'agreement flow concept'.

 

CIS WG is creating v2 of the receipt spec - and it will be a generalized data receipt. It should be possible to create some kind of profile of the eventual v2 that accommodates the UMA license use case (or not - we can discuss)

 

andrew.

Andrew Hughes CISM CISSP 
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com 
https://www.linkedin.com/in/andrew-hughes-682058a
Digital Identity | International Standards | Information Security 

 

 

On Tue, May 7, 2019 at 10:22 AM Tim Reiniger <tsreiniger@gmail.com> wrote:

Looks like we need to solidify/formalize the “machine readable license” concept. Perhaps the easiest approach is to treat it as one type/application of a “smart contract” unless anyone has an objection.

 

Tim

Sent from my iPhone


On May 7, 2019, at 11:03 AM, Eve Maler <eve@xmlgrrl.com> wrote:

They can be found here: 

 

 

Eve Maler
Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

 

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma