13:36:51 <RRSAgent> RRSAgent has joined #dpvcg
13:36:51 <RRSAgent> logging to https://www.w3.org/2022/04/27-dpvcg-irc
13:41:03 <harsh> ScribeNick: harsh
13:41:15 <harsh> Meeting: DPVCG Meeting Call
13:41:19 <harsh> Chair: harsh
13:41:42 <harsh> Present: harsh, georg, paul, julian, nishad, beatriz, mark
13:41:50 <harsh> Date: 27 APR 2022
13:42:16 <harsh> Agenda: https://lists.w3.org/Archives/Public/public-dpvcg/2022Apr/0026.html
13:42:32 <harsh> Previous minutes -> https://www.w3.org/2022/04/20-dpvcg-minutes.html
13:42:41 <harsh> Topic: Proposed concepts for Technology
13:50:11 <harsh> We have several concepts collected and proposed under the Technology extension (namespace dpv-tech). We are now discussing them for sufficiency, design, structuring, etc.
13:50:42 <harsh> Discussion consensus that the current list of terms is inadequate, and needs several other concepts that need to be represented. Propoals for these are welcome.
13:51:23 <harsh> Some potential sources for finding such terms are: ENISA reports, ISO standards, even Wikipedia entries where there is a list or taxonomy to adopt.
13:51:56 <harsh> For example, ENISA has a document on Data Protection Engineering that talks about concepts such as data security and encryption https://www.enisa.europa.eu/publications/data-protection-engineering
13:52:28 <harsh> Georg has proposed concepts related to plugins (e.g. wordpress plugins), scripts, stylesheets, fonts, etc.
13:53:35 <harsh> Paul has proposed concepts regarding Encryption at rest, Encryption in transit, Vulnerability scanning, SIEM, Firewalls, Patching, MFA / 2FA
13:53:56 <harsh> Mark has suggested inclusion of concepts associated with tracking and fingerprinting from https://privacytests.org/private.html
13:54:36 <harsh> In these discussions, the overlap and conflict between Technology and TOMs (Technical/Organisational Measures) is apparent as often times the concept seems to be duplicated.
13:55:14 <harsh> Our aim is to avoid duplication where possible. TOMs are 'abstract concepts' that specify a generic principle or concept, whereas the Technology concepts provide specific implementation details for how those are realised.
13:55:32 <harsh> An example is Encryption, which is a TOM, and then specific kinds of encryption which are technologies.
13:57:50 <harsh> This needs more introspection and discussion to have a clear criteria or explanation for separation or relation between the two.
13:58:17 <harsh> It would be beneficial, for example, to have a real-life product as an instance of Technology, and have an annotated list of TOMs is implements or provides. And vice-versa.
13:58:56 <harsh> In discussion of concepts, the notion of what is a 'Technology' came up, particularly in relation to the concept 'Service' with the argument that it may or may not be a service.
13:59:52 <harsh> For now, we exclude Service concept and focus on adding other concepts. The Digital Services Act may provide some reusable definitions for what is a service, or whether to define technology as being restricted to Digital Service.
14:00:15 <harsh> Topic: Next Meeting
14:00:48 <harsh> We will meet in 1 week on MAY-04 at the usual time slot 14:00 CEST
14:00:57 <harsh> Agenda will be continued discussion of these concepts.
14:01:28 <harsh> In the meantime, any updates or resources or proposed concepts should be shared via the mailing list and discussed there.
14:01:29 <harsh> zakim, bye
14:01:30 <Zakim> leaving.  As of this point the attendees have been harsh, georg, paul, julian, nishad, beatriz, mark
14:01:30 <Zakim> Zakim has left #dpvcg
14:01:40 <harsh> rrsagent, publish minutes v2
14:01:40 <RRSAgent> I have made the request to generate https://www.w3.org/2022/04/27-dpvcg-minutes.html harsh
14:01:45 <harsh> rrsagent, set logs world-visible
14:02:30 <harsh> rrsagent, bye
14:02:30 <RRSAgent> I see no action items