W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > February 2017

Verifiable Claims Telecon Minutes for 2017-01-31

From: <msporny@digitalbazaar.com>
Date: Wed, 01 Feb 2017 15:00:52 -0500
Message-Id: <1485979252087.0.16533@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Dan Burnett for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2017-01-31/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2017-01-31

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Jan/0046.html
Topics:
  1. Agenda Review and Introductions
  2. Status of Verifiable Claims WG creation
  3. Possible VCWG F2F week of March 21st 2017
  4. Use Cases Framework Discussion
Action Items:
  1. Chairs to verify with Staff contacts that meeting is okay 
    and they can attend.
  2. Joe Andrieu will update issues in github use cases repo.
Organizer:
  Manu Sporny
Scribe:
  Dan Burnett
Present:
  Dan Burnett, Manu Sporny, Shane McCarron, Nate Otto, Joe Kaplan, 
  Matt Stone, Gregg Kellogg, John Tibbetts, Adam Lake, Adrian 
  Gropper, Jonathan Holt, Adam Migus, Richard Varn, Dave Longley, 
  David I. Lehn, Joe Andrieu, Eric Korb, Rob Trainer
Audio:
  http://w3c.github.io/vctf/meetings/2017-01-31/audio.ogg

Dan Burnett is scribing.

Topic: Agenda Review and Introductions

Dan Burnett:  Want to give heads up about starting requirements 
  at some point on the call
Dan Burnett:  Will start a process to move from use cases to 
  requirements [scribe assist by Matt Stone]
Dan Burnett:  Look for email this week. [scribe assist by Matt 
  Stone]
Dan Burnett:  Purpose it to focus on the work on datamodel and 
  syntax document [scribe assist by Matt Stone]

Topic: Status of Verifiable Claims WG creation

Manu Sporny:  No update.  Chairs should reach out and take over 
  getting updates from them.
  ... Wendy Seltzer, Phil Archer, and Dave Raggett.  Will put you 
  in touch with them.

Topic: Possible VCWG F2F week of March 21st 2017

Manu Sporny:  Considering March 21st because of other groups 
  meeting in Chicago that week (payments, etc.).  Proposal is to 
  tack onto the beginning of their week.  VCWG, then Web Payments 
  IG (incl. digital offers), then Web Payments WG
  ... would be Tue/Wed for most of us, then payments for others.  
  if we want to do this, we need to announce and get a venue.  Does 
  group want to commit to meeting then?
Shane McCarron: There might be another venue option too - dezell 
  had some ideas.
Nate Otto: Is w3c membership required for this proposed meeting?
Joe Kaplan:   Is meeting open to the public?
Manu Sporny:   No, member only.
Matt Stone:  Chairs can make exceptions for guests/visitors
Manu Sporny:   The policy for Invited Experts has changed 
  recently.  Verify with W3C.  IPR concerns are always an issue.
  ... can ask, but may be difficult.
Dan Burnett:  This is one of the reasons for future meetings like 
  this, we may want to do this, future decision, we need to start 
  planning process earlier. If we're always going to be meeting w/ 
  WPIG, we need to work with them for determination of dates. 
  [scribe assist by Manu Sporny]
Dan Burnett:  For future meetings, we need to start planning 
  sooner.  And coordinate w/ the Payments group if we're going to 
  generally align dates [scribe assist by Matt Stone]
Manu Sporny:  This is as soon as we could do begin in this case.  
  payments just announced [scribe assist by Matt Stone]
Dan Burnett:  Don't want this to be a surprise in the future, we 
  need to have a meeting when the VCWG forms, we need to know about 
  this stuff as early as possible. [scribe assist by Manu Sporny]
Dan Burnett:  Thought our group was going to be a "public" group. 
  [scribe assist by Matt Stone]
Nate Otto: Alternative: Digital Badges & Credentials Summit in 
  Orlando, Feb 28, open to the public, but part of IMS Digital 
  Badges & Credentials initiative, to be followed by other meetings 
  that are limited to IMS members..
Nate Otto: We could probably get free space Wednesday March 1 
  during the Open Badges Community meeting, which is looking 
  sparsely attended. Good chance this group would be welcome if we 
  move quickly.
Nate Otto: 
  https://www.imsglobal.org/event/ims-february-2017-quarterly-meeting-and-summit-digital-credentials-and-badges
Gregg Kellogg:  What about policiies around the mailing list(s)?  
  Have they changed?
Manu Sporny:   Not that I know of.  The are member-only lists for 
  IPR-related discussions, but not for the general list.
Gregg Kellogg:   If we encourage the use of email then that gives 
  us an opportunity to be fairly open.
Shane McCarron:  It is not just the monetary value of members.  
  There are also IPR commitments that are needed.
  ... W3C is concerned about this.
Dan Burnett:  Yes, the chairs will be monitoring visitors to 
  ensure that comments from them do not cause potential IPR risks 
  for others.  Contributions will have to satisfy W3C IPR 
  disclosure requirements.
Shane McCarron: +1 For a meeting on 21 March in Chicago.
Shane McCarron:   Is it okay with Staff Contact for us to have 
  such a meeting?  Can they attend?
Matt Stone: Todo: (chair) confirm/coordinate w/ staff contact can 
  participate

ACTION: Chairs to verify with Staff contacts that meeting is okay 
  and they can attend.

Gregg Kellogg: +1
John Tibbetts: Unsure of attendance at this time
Shane McCarron: +1
Manu Sporny: +1 For Chicago meeting VCWG
Matt Stone: +1 For Chicago
Matt Stone:   Who thinsk we shoudl have this meeting?
Adam Lake: +1
Adrian Gropper: Busy
Matt Stone:   Any objections?
Adrian Gropper: -1
Jonathan Holt: Abstain, not a member yet.
John Tibbetts: +1 For having a meeting; ? if I can attend
Shane McCarron: (I note that I am happy meeting another time - 
  this was just convenient and it was my idea)
Dan Burnett:   We will also verify on the list for those who are 
  not on today's call.
Matt Stone:   There is sufficient interest for us to contact 
  Staff Contacts about this.
Jonathan Holt: I'm still trying to convince the ABMS to become a 
  member.  If unsuccessful, I will consider joining myself.

Topic: Use Cases Framework Discussion

Joe Kaplan:  Last week we focused on the prescription use case.  
  questions came up about privacy.
Joe Andrieu: 
  http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8062.pdf
Joe Kaplan:  We will discuss privacy engineering around this use 
  case today.
  ... anyone familiar with this approach?
Adam Migus: Me
Adam Migus:  Yes, I am
  ... reading Gropper's use case, what are the domains in this 
  use case and what is available for correlation across those 
  domains.
  ... there are phyiscian, patient, pharmacist, deliverer, state 
  monitoring service,
  ... adam, are these the entities?
John Tibbetts:   Sometimes it would be service and sometimes a 
  person who would reviewer.  The PVMP is a registry, the physician 
  is a person.
Joe Kaplan:  (Missed)
Jonathan Holt: Rx monitoring is a service, but Dr. needs to 
  review the Rx history for the patient.
Adam Migus:  Insurance not needed in the simplest possible case, 
  but for completeness yes.
  ... patient is allowed to pay cash by law
Joe Kaplan:  What info does the insurance system need in this 
  transaction.
Adam Migus:  Insurance introduces formulary that physician may 
  want to consult.  so adds two layers.
Joe Kaplan:  Formulary is what insurance will pay for (and how 
  much)
Jonathan Holt: Also consider the person picking up the Rx, could 
  be a family member of care giver.
  ... two external domains: pharma and marketing firms (not 
  inside trust boundary).  anything else?
Jonathan Holt:  Learning systems in medicine that monitor for 
  adverse reactions (eventually).  ongoing monitoring methods, but 
  we can leave off for now.
Adam Migus:  A complete list would include adverse drug reports 
  to FDA, for devices would need their identifiers to be tracked as 
  well .  both extetrnal registries
Joe Kaplan:   They are similar actors in that they prescribe 
  these.
Jonathan Holt: Also, labs in the future world of 
  Pharmacogenomics,  genome-informed medicine.  Future work.
Adam Migus:   Devices are required to have serial numbers by law
Joe Kaplan:  Prescription, delivery address, and patient id.  any 
  other data we need to track?
Jonathan Holt:  Person picking up prescription (caregiver, etc.).
Joe Kaplan:   Different from deliverer?
Jonathan Holt:   Deliverer is pharmacy.
Joe Kaplan:  Delivery services are because pharmacy may give to 
  someone to deliver
Richard Varn:  What about generic category of agent?  Could be 
  patient, caregiver, etc. who takes care of picking up, ordering, 
  etc.
  ... we may not know every possible function in advance.
Adrian Gropper: The pharmacy can deliver to the physician so only 
  the physician knows the patient - as in giving out samples
Joe Kaplan:   Sounds good.  historically delegation is complex.  
  delivery service/caregiver do fit under agent.
Matt Stone:  Regarding adverse drug reactions, this seems like a 
  new use case that would require deeper access
  ... let's not get too far away from delivering prescription
  ... don't go into what an adverse reaction is.  don't guess 
  about what we need to deliver to them.
Joe Kaplan:  Data set: prescrition, delivery address, patient 
  info. anything else?
Nate Otto:  Does PII include previous prescriptions?
Joe Kaplan:  Not in my definition.  is there a link in this 
  prescription to prior ones?
Adam Migus:   No.  in practice dr might consult a registry but 
  that doesn't need to be part of the use case.
Matt Stone: Correlation?
Joe Kaplan:  Part of what we don't want correlation around is 
  between this and other prescriptions.
Adam Migus:   We want to control but not prevent.
  ... in the opioid case we want to control for this even though 
  no registry is implied.
Joe Kaplan:  So maybe we need to monitor this as a data item.
  ... delivery address and patient identity also
Adam Migus:  Use agent and take delegation out of it.  context 
  and data actions are important and need to be dealt with 
  separately.
  ... if data actions are different with two prescriptions 
  separate them.
Manu Sporny: +1 To what Adam Migus just said
Joe Kaplan:  Let's make agency out of scope for this use case.
Matt Stone: +1
Adrian Gropper:  Fine by me.  have to deal with phys giving out 
  samples.  there is no pharmacy here.
Joe Kaplan:   Will include items that are out of scope for 
  certain use cases but included in general
  ... in each domain, need to identiy actions that occur in those 
  domains.
Adam Migus:   Context and domain are different.
  ... if we have either/or situations, deal with them using 
  separate data actions.
Joe Kaplan:  Re privacy, are there different contexts or a single 
  one?
Adam Migus:  Each use case has a context associated with it.
Joe Kaplan:  UC should have a single context.
Adam Migus:  The UC then would have data that traverses from 
  domain to domain.  context is relationship between dr and 
  prescribee, for example
Nate Otto: +1 To selecting a specific use case from the cluster 
  of options (i.e. explicitly deciding whether this case is 
  controlled substance vs not, who the delivery agent works for, 
  etc.)
  ... Sean (sp?) Brooks has spreadsheets that walk through the 
  entire privacy process.  Should I get those for us to use?  I 
  don't know if they're public.  If we can use them they will 
  really help this kind of discussion.  I'll try.
Manu Sporny: +1 To following the worksheets.
Joe Kaplan:   Great!
Adam Migus:  Will get back to you.
Joe Kaplan:  There are references to registries here and 
  assumptions around credentials.  How do we know Dr is authorized 
  to prescribe
Adrian Gropper:  Yep, very important.  for controlled substances, 
  ability to e-sign is dealt with by the Dr's employer.  For others 
  it is entirely at ?? discretion
  ... In typical case, checking credentials is at the option of 
  the pharmacy.
Joe Kaplan:  Can we pick one? (controlled or not, for this UC)
Adam Migus:   Yes, that was my point.  pick one.
Adrian Gropper:   We have to do both.
Adam Migus:  Start with non-controlled, then build a second UC on 
  top for controlled.
Jonathan Holt: Agree, do both.
  ... assuming controlled is more complex.
Manu Sporny:  So what's next?  joe needs to write up a summary of 
  the discussion and point people to it.
  ... will we have a google doc summarizing this or the 
  worksheets adam mentioned?
Joe Kaplan:  Will put my notes in the github issue. should it be 
  somewhere else?
Manu Sporny:   Use cases
  ... (use case issue)
Jonathan Holt:   For non-controlled it's often still done via 
  fax.  Controlled is more interesting.

ACTION: Joe Andrieu will update issues in github use cases repo.

  ... Need to do both, non-controlled first.
Adam Migus: Ok
Received on Wednesday, 1 February 2017 20:01:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:57 UTC