UMA business-legal telecon notes 2019-06-18
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18 Attending: Eve, Lisa, Thomas Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed. Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because: - UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing So let's stick to *Data Subject as just a Natural Person*. We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*. The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance. In the future, we might want to have a term with a definition like this, but we don't yet: *(some phrase): The Legal Person to which a Protected Resource relates.* We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals). *Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization. I would suggest staying with "natural person" On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the *agent*, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party" -- -jim Jim Willeke On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote:
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
Just one more thought. I have worked fairly extensively with and still have connections with quite a few folks in the EU who work ID management both with the Commission and ETSI. The EU/ETSI accept legal persons as valid subscribers. See the following from ETSI EN 319 411-1, Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements: 5.4.2 Subscriber and subject In the framework of the present policies, the subject can be: • a natural person; • a natural person identified in association with a legal person; • a legal person (that can be an Organization or a unit or a department identified in association with an Organization); or • a device or system operated by or on behalf of a natural or legal person. Granted this spec deals with PKI certificates Also EU REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC uses the term legal person as noted above. In fact "COMMISSION IMPLEMENTING REGULATION (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market" specifically provides for identity proofing of both natural AND legal persons. Granted these are EU provisions, but, they definitely determine that legal and natural persons are different and, I believe, fully conform with the noted meanings used in jurisprudence. Rich On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com> wrote:
I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the *agent*, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote:
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
Jim sounds good here. Agent or representative would be good On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com> wrote:
I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the *agent*, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote:
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
Actually, for purposes of clarity in the division of UMA roles, we need to distinguish the Representative role here (as in the sense of full legal responsibility) from the agency appointment (with the ASO). For example, as a parent of two minors, I am legally responsible for them, going beyond being being their agent. As another example in the probate context, I have served as “Personal Representative” for a deceased’s estate. This gave me broad legal responsibility that included the ability to appoint agents for the estate. In the UMA context, the ASO (as agent) will be appointed by either the DS or the Representative of the DS. Tim Sent from my iPhone
On Jun 19, 2019, at 8:02 PM, Rich Furr <kmrfsmb@gmail.com> wrote:
Jim sounds good here. Agent or representative would be good
On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com> wrote: I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agency which are well accepted terms. "called the agent, that is authorized to act on behalf of another (called the principal) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote: I wonder if using the term "legal person" may create issues since: In jurisprudence, a natural person is a person (in legal meaning, i.e., one who has its own legal personality) that is an individual human being, as opposed to a legal person, which may be a private (i.e., business entity or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote: https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18 Attending: Eve, Lisa, Thomas Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized any standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed. Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because: UMA's primary aim is to aid "Alice" the individual (a natural person) GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role Conflating natural and legal persons is generally confusing So let's stick to Data Subject as just a Natural Person. We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for not adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it Representative. The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance. In the future, we might want to have a term with a definition like this, but we don't yet: (some phrase): The Legal Person to which a Protected Resource relates. We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
Eve Maler Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
Thanks, Tim. And as some of our roles could be filled by either "bags of protoplasm" (human beings) or organizations, it's still useful for us to have two terms -- so I don't think we can entirely discard the term for the latter, whether we stick with Legal Person or decide to use some other term. For my money, we'd probably be over-rotating on the issue if we spend a lot more time hunting for another term. Legal Person seems commonly used (see, e.g., here <https://www.merriam-webster.com/legal/legal%20person> or here <https://www.law.cornell.edu/wex/legal_person>). But if people really want to take a look, we can. *Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl On Wed, Jun 19, 2019 at 2:18 PM Tim Reiniger <tsreiniger@gmail.com> wrote:
Actually, for purposes of clarity in the division of UMA roles, we need to distinguish the Representative role here (as in the sense of full legal responsibility) from the agency appointment (with the ASO). For example, as a parent of two minors, I am legally responsible for them, going beyond being being their agent. As another example in the probate context, I have served as “Personal Representative” for a deceased’s estate. This gave me broad legal responsibility that included the ability to appoint agents for the estate. In the UMA context, the ASO (as agent) will be appointed by either the DS or the Representative of the DS.
Tim
Sent from my iPhone
On Jun 19, 2019, at 8:02 PM, Rich Furr <kmrfsmb@gmail.com> wrote:
Jim sounds good here. Agent or representative would be good
On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com> wrote:
I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the *agent*, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote:
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
“Legal Person” is widely used and unobjectionable in legal circles. It has the disadvantage of being quite opaque to non-lawyers. Is a “legal person” contrasted with an illegal one? “Natural Person” is also fine in legal circles, though on first blush it seems like it might have something to do with an Aretha Franklin song. I’ve used “Entity” and “Human,” but Entity works only because the context is already disambiguated as being part of IDs. CommonAccord.Org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Human/ <http://commonaccord.org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Human/> CommonAccord.Org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Entity/ <http://commonaccord.org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Entity/>
On Jun 20, 2019, at 5:57 AM, Eve Maler <eve@xmlgrrl.com <mailto:eve@xmlgrrl.com>> wrote:
Thanks, Tim. And as some of our roles could be filled by either "bags of protoplasm" (human beings) or organizations, it's still useful for us to have two terms -- so I don't think we can entirely discard the term for the latter, whether we stick with Legal Person or decide to use some other term.
For my money, we'd probably be over-rotating on the issue if we spend a lot more time hunting for another term. Legal Person seems commonly used (see, e.g., here <https://www.merriam-webster.com/legal/legal%20person> or here <https://www.law.cornell.edu/wex/legal_person>). But if people really want to take a look, we can.
Eve Maler Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Wed, Jun 19, 2019 at 2:18 PM Tim Reiniger <tsreiniger@gmail.com <mailto:tsreiniger@gmail.com>> wrote: Actually, for purposes of clarity in the division of UMA roles, we need to distinguish the Representative role here (as in the sense of full legal responsibility) from the agency appointment (with the ASO). For example, as a parent of two minors, I am legally responsible for them, going beyond being being their agent. As another example in the probate context, I have served as “Personal Representative” for a deceased’s estate. This gave me broad legal responsibility that included the ability to appoint agents for the estate. In the UMA context, the ASO (as agent) will be appointed by either the DS or the Representative of the DS.
Tim
Sent from my iPhone
On Jun 19, 2019, at 8:02 PM, Rich Furr <kmrfsmb@gmail.com <mailto:kmrfsmb@gmail.com>> wrote:
Jim sounds good here. Agent or representative would be good
On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com <mailto:jim@willeke.com>> wrote: I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the agent, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com <mailto:kmrfsmb@gmail.com>> wrote: I wonder if using the term "legal person" may create issues since: In jurisprudence, a natural person is a person (in legal meaning, i.e., one who has its own legal personality) that is an individual human being, as opposed to a legal person, which may be a private (i.e., business entity or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com <mailto:eve@xmlgrrl.com>> wrote: https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... <https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+notes#UMAlegalsubgroupnotes-2019-06-18> 2019-06-18 Attending: Eve, Lisa, Thomas Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized any standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed. Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because: UMA's primary aim is to aid "Alice" the individual (a natural person) GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role Conflating natural and legal persons is generally confusing So let's stick to Data Subject as just a Natural Person. We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for not adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it Representative. The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance. In the future, we might want to have a term with a definition like this, but we don't yet: (some phrase): The Legal Person to which a Protected Resource relates. We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
Eve Maler Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org <mailto:WG-UMA@kantarainitiative.org> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma>
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org <mailto:WG-UMA@kantarainitiative.org> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma>
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org <mailto:WG-UMA@kantarainitiative.org> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma>
WG-UMA mailing list WG-UMA@kantarainitiative.org <mailto:WG-UMA@kantarainitiative.org> https://kantarainitiative.org/mailman/listinfo/wg-uma <https://kantarainitiative.org/mailman/listinfo/wg-uma> _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org <mailto:WG-UMA@kantarainitiative.org> https://kantarainitiative.org/mailman/listinfo/wg-uma
I think lega person and natural person are quite acceptable and as noted widely used, so I vote for them and not to spend more time on it. Best, Rich On Thu, Jun 20, 2019 at 10:21 AM James Hazard <james.g.hazard@gmail.com> wrote:
“Legal Person” is widely used and unobjectionable in legal circles. It has the disadvantage of being quite opaque to non-lawyers. Is a “legal person” contrasted with an illegal one?
“Natural Person” is also fine in legal circles, though on first blush it seems like it might have something to do with an Aretha Franklin song.
I’ve used “Entity” and “Human,” but Entity works only because the context is already disambiguated as being part of IDs.
CommonAccord.Org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Human/ <http://commonaccord.org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Human/>
CommonAccord.Org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Entity/ <http://commonaccord.org/index.php?action=list&file=G/Agt-Form-CmA/00/ID/Entity/>
On Jun 20, 2019, at 5:57 AM, Eve Maler <eve@xmlgrrl.com> wrote:
Thanks, Tim. And as some of our roles could be filled by either "bags of protoplasm" (human beings) or organizations, it's still useful for us to have two terms -- so I don't think we can entirely discard the term for the latter, whether we stick with Legal Person or decide to use some other term.
For my money, we'd probably be over-rotating on the issue if we spend a lot more time hunting for another term. Legal Person seems commonly used (see, e.g., here <https://www.merriam-webster.com/legal/legal%20person> or here <https://www.law.cornell.edu/wex/legal_person>). But if people really want to take a look, we can.
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Wed, Jun 19, 2019 at 2:18 PM Tim Reiniger <tsreiniger@gmail.com> wrote:
Actually, for purposes of clarity in the division of UMA roles, we need to distinguish the Representative role here (as in the sense of full legal responsibility) from the agency appointment (with the ASO). For example, as a parent of two minors, I am legally responsible for them, going beyond being being their agent. As another example in the probate context, I have served as “Personal Representative” for a deceased’s estate. This gave me broad legal responsibility that included the ability to appoint agents for the estate. In the UMA context, the ASO (as agent) will be appointed by either the DS or the Representative of the DS.
Tim
Sent from my iPhone
On Jun 19, 2019, at 8:02 PM, Rich Furr <kmrfsmb@gmail.com> wrote:
Jim sounds good here. Agent or representative would be good
On Wed, Jun 19, 2019 at 5:32 AM Jim Willeke <jim@willeke.com> wrote:
I agree. Natural Person is the warm blooded Human Entity. And form a legal perspective "Representative" would be an "Agent" as defined within the Law of Agenc <https://en.wikipedia.org/wiki/Law_of_agency>y which are well accepted terms. "called the *agent*, that is authorized to act on behalf of another (called the principal <https://en.wikipedia.org/wiki/Principal_(commercial_law)>) to create legal relations with a third party"
-- -jim Jim Willeke
On Tue, Jun 18, 2019 at 5:29 PM Rich Furr <kmrfsmb@gmail.com> wrote:
I wonder if using the term "legal person" may create issues since: In jurisprudence, a *natural person* is a *person* (in *legal *meaning, i.e., one who has its own *legal personality*) that is an individual human being, as opposed to a *legal person*, which may be a private (i.e., business *entity* or non-governmental organization) or public (i.e., government) organization.
I would suggest staying with "natural person"
On Tue, Jun 18, 2019 at 12:45 PM Eve Maler <eve@xmlgrrl.com> wrote:
https://kantarainitiative.org/confluence/display/uma/UMA+legal+subgroup+note... 2019-06-18
Attending: Eve, Lisa, Thomas
Lisa has uncovered some discomfort with UCITA in communities we care about, which may give us pause about our references to it in the Business Model report as a source of uniform language. See this source <http://www.ucitaonline.com/> for some of the controversy. Section 2 of our report says "A possible challenge to implementing a user-centric access sharing protocol has been the lack of a set of uniform default contractual rules for the exchange of personal digital assets. Fortunately, UMA may leverage the Uniform Computer Information Transaction Act (“UCITA”) as one source of default contractual rules upon which the licensing of access rights to personal digital assets may be based." We haven't yet canonicalized *any* standard boilerplate, so we're probably not in any danger of "exciting those antibodies", but it's something to watch out for. Lisa notes that, from the P7012 perspective, fast progress is desired – but when the totality of options is presented, people can easily get overwhelmed.
Is it practical to define a Data Subject as either a natural or a legal person, as has been suggested? Architecturally, yes, it could be. But our analysis suggests that defining it this way is unhelpful and possibly harmful, because:
- UMA's primary aim is to aid "Alice" the individual (a natural person) - GDPR and many other laws/regulations/policies define data subjects as natural persons and exclude legal persons from this role - Conflating natural and legal persons is generally confusing
So let's stick to *Data Subject as just a Natural Person*.
We've been looking for a term for the person (Person? Natural/Legal? or only stick to Natural?) who is in a "proxy" role in our business use cases. If Proxy doesn't work, Tim was suggesting Representative or Legal Representative. Examples he has provided: "Personal Representatives, Executors, parents of minors, guardians appointed for minors, Conservators, guardians for elders, corporate proxies, etc." While Data Subject is human, the Representative could be a Natural or Legal Person. Given this, that's probably a good rationale for *not* adding the word Legal on the front of the term, since that makes it ambiguous (iow, it's a "legal representative" whether it's a legal person or a natural person). So let's call it *Representative*.
The point of finding and defining this name is that it's a name for a the party when they're acting on behalf of the Data Subject, not acting in an UMA flow capacity – even though (Representative == Resource Rights Administrator) in the same way that (Service Provider == Relying Party) in federated identity. The first role is about inherent value-add and the second role is about specialty protocol dance.
In the future, we might want to have a term with a definition like this, but we don't yet:
*(some phrase): The Legal Person to which a Protected Resource relates.*
We know there are use cases like this – "enterprise UMA" use cases. Maybe we just say "Legal Person" for now, and we talk about the Protected Resources that relate to them; those resources are not personal data of the Legal Persons (though the resources may contain the personal data of individuals).
*Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2 _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
-- Rich Furr 704-560-3801 Skype: rich.furr2
participants (5)
-
Eve Maler -
James Hazard -
Jim Willeke -
Rich Furr -
Tim Reiniger