decentralised-dataexchange / automated-data-agreements

This repository contains the specifications for the Automated Data Agreement (ADA) Project. The project is part of NGI-eSSIF-Lab that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871932.
Apache License 2.0

Updated to align with the ISO standards #8

Closed lalc closed 3 years ago

lalc commented 3 years ago

Please review

lalc commented 3 years ago

> I would be missing a reference somewhere to the pii_subject.

It's as in the DA spec. pii-subject comes in during the capture phase.

> Also, I would suggest using linked data proofs or similar: https://w3c-ccg.github.io/ld-proofs/#proof-algorithm. I think that would ease the adaptation and integration, as well as understanding the cryptographic suites and protocols to be able to perform those signatures.

Thanks. Will take care of this in the signature. Good point.

> Finally, I am not sure if I understand what should happen with the PRs 6 and 7 of both Jan and me.

Your PR for adding vui-implementation can remain once you fix as discussed.

When it comes to updating the data-agreement schema, this will hold, and my assumption was that you raised the PR for discussion.

JanLin commented 3 years ago

Recommend making some changes to the schema.

  1. Change field "data_retention_period_in_months" to "data_retention". The field name should include the format of the data. This shall be done descriptively.
  2. Jurisdiction example should simply be country. Remove Stockholm so it only reads "Sweden".
  3. The field "geographic_restriction" has example "Europe, Not restricted", which makes it unclear. The field, when included, is automatically a restriction. Instead, include the basis for restriction, which may be storage_location or jurisdiction. So either "Europe" or "Sweden".
  4. Add under "Name" category personal data a field indicating it is sensitive:

"attribute_sensitive": "True"

lalc commented 3 years ago

> Recommend making some changes to the schema.
>
>   1. Change field "data_retention_period_in_months" to "data_retention". The field name should include the format of the data. This shall be done descriptively.

Done

>   2. Jurisdiction example should simply be country. Remove Stockholm so it only reads "Sweden".

Done

>   3. The field "geographic_restriction" has example "Europe, Not restricted", which makes it unclear. The field, when included, is automatically a restriction. Instead, include the basis for restriction, which may be storage_location or jurisdiction. So either "Europe" or "Sweden".

Done

>   4. Add under "Name" category personal data a field indicating it is sensitive: "attribute_sensitive": "True"

We had removed this earlier based on the discussion. Added this back now.