RE: RPE analysis

Folks,

For the call today, in case I’m not there, here are my comments on this, so you can make progress.

The glossary (section 5) is already in this document so that maps directly across.

[>>] Agreed.

The definitions of roles (section 2.1) can also go to the glossary.

[>>] Agreed.

I think we could create a non-normative section in the new document called ‘Privacy-by-design implementations’, it would contain:

Principles (section 3)
Actors, roles & responsibilities (section 2.1 grid, sections 2.2 – 2.6, section 4.1)

[>>] Agreed.

I think the data flows (section 4.2) is part of the overall COEL intro

[>>] Agreed. These are informative in nature rather than normative, like the UML sequence diagrams elsewhere in the specs.

The security material (section 4.3) could form the basis of a security section in the new document as previously discussed with a normative section.

[>>] Yes security should be normative. The authorisation bits I integrated last night are in the Glossary. They might need to be moved to the security section or referenced from there. Hard to say until we confirm the creation. Matt also created a security and privacy standards section (10). I feel we are starting to scatted the security issues around a bit too much.

If we had Security and Privacy sections in the new document, it might make sense to have a short, non-normative ‘Identity’ section that sets out how we envision interactions with identity solutions – essentially stating that the Unique Pseudonymous Key is a private subject key and that the Operator has the role of assessing and validating identity in the ecosystem.

[>>] Yes we should describe this in the non-normative section.

Regards

Joss

[>>] Possibly talk with you this afternoon.

Take care:

Dr. David Snelling < David . Snelling . UK . Fujitsu . com >

Senior Research Fellow / Fujitsu Distinguished Engineer

Fujitsu Laboratories of Europe Ltd.

+44-7590-293439 (Mobile)

coel message