OASIS Mailing List Archives

 



coel message



Subject: [OASIS Issue Tracker] (COEL-180) Provide a mechanism for SP to authorize forgetting consumer


    [ https://issues.oasis-open.org/browse/COEL-180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=67815#comment-67815 ] 

Joss Langford commented on COEL-180:
------------------------------------

There are both security and data protection reasons not to allow a Consumer forget to happen without a specific Service Provider intervention (i.e. exclude standing agreements). The data protection issue is the irretrievable loss of data and the security point is that this call is made without authorization credentials. If it was just privacy then something in chapter 11 (privacy by design) would be OK but, as it is security too, I think we need something in the main body to preclude the use of blanket agreements.

I understand the client issue for the Data Engine and I think the suggested approach to mark the consumer as 'to be forgotten' and prevent queries is sensible. The SP and DE would agree how to deal with the data – delete completely or render non-personal with anonymisation techniques. What would happen with the data from a ‘to be forgotten’ consumer in aggregate queries?


> Provide a mechanism for SP to authorize forgetting consumer
> -----------------------------------------------------------
>
>                 Key: COEL-180
>                 URL: https://issues.oasis-open.org/browse/COEL-180
>             Project: OASIS Classification of Everyday Living (COEL) TC
>          Issue Type: Bug
>            Reporter: David Snelling
>            Assignee: David Snelling
>
> We need to design a simple mechanism to allow SPs to control forgetting of Consumers. In the present implementation it always happens, which is spec compliant with the out of band channel being a SP/DE standing agreement to always forget a Consumer when requested by the Operator. Clearly not ideal.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

