- Type: Task
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Component/s: Ballot request, OS Submission Ballot
- Labels: None
-
Environment:
COEL
Submitted on Friday, October 5, 2018 - 13:45
Submitted by user:
Submitted values are:
Your name: Dave Snelling
TC name: Classification of Everyday Living TC
TC email address: coel@lists.oasis-open.org
Title: Classification of Everyday Living
Committee Specification URI:
https://www.oasis-open.org/apps/org/workgroup/coel/download.php/63359/COEL-v1.0-cs02.html
Committee Specification editable source URI(s):
docs.oasis-open.org/coel/COEL/v1.0/cs02/COEL-v1.0-cs02.docx,
docs.oasis-open.org/coel/COEL/v1.0/cs02/model/coel.json
Certification by the TC that all schema and XML instances are well-formed and
that expressions are valid: We so certify
Clear English-language summary of the specification: The OASIS COEL
specification provides a privacy-by-design framework for the collection and
processing of behavioural data. It is uniquely suited to the transparent use
of dynamic data for personalised digital services, IoT applications where
devices are collecting information about identifiable individuals and the
coding of behavioural data in identity solutions. The specification
pseudonymises personal data at source and maintains a separation of different
data types with clearly defined roles & responsibilities for all actors. All
behavioural data are defined as event-based packets. Every packet is connected
directly to an individual and can contain a summary of the consent they
provided for the processing of the data. A combination of a taxonomy of all
human behaviours (the COEL model) and the event-based protocol provide a
universal template for data portability. Simple interface specifications
enforce the separation of roles and provide system-level interoperability.
Relationship of this specification to similar work:
Other OASIS IoT/MM Committees
OASIS Advanced Message Queuing Protocol (AMQP) Bindings and Mappings (AMQP-BINDMAP) TC
Defining bindings and mappings of AMQP wire-level messaging protocol for
real-time data passing and business transactions
OASIS Advanced Message Queuing Protocol (AMQP) TC
Defining a ubiquitous, secure, reliable and open internet protocol for
handling business messaging.
OASIS Message Queuing Telemetry Transport (MQTT) TC
Providing a lightweight publish/subscribe reliable messaging transport
protocol suitable for communication in M2M/IoT contexts where a small code
footprint is required and/or network bandwidth is at a premium.
OASIS Open Building Information Exchange (oBIX) TC
Enabling mechanical and electrical control systems in buildings to
communicate with enterprise applications
Other OASIS Privacy-by-Design Committees
Cyber Standards Council
The voice of the cybersecurity user community
OASIS Biometric Services (BIOSERV) TC
Developing open standards that facilitate the use of biometrics and biometric
operations over a service-oriented architecture
OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) TC
Enabling the interoperable exchange of healthcare privacy policies, consent
directives, and authorizations
OASIS Cyber Threat Intelligence (CTI) TC
Supporting automated information sharing for cybersecurity situational
awareness, real-time network defense, and sophisticated threat analysis
OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) TC
Defining a set of standardized protocols to elevate trust in an electronic
identity
OASIS PKCS 11 TC
Enhancing PKCS #11 standard for cryptographic tokens controlling
authentication information (personal identity, cryptographic keys,
certificates, digital signatures, biometric data)
OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) TC
Enabling privacy to be embedded into IT system design and architecture
OASIS Privacy Management Reference Model (PMRM) TC
Providing a guideline for developing operational solutions to privacy issues
Non OASIS Related Activity
1. W3C Data Privacy Vocabularies and Controls Community Group
(https://www.w3.org/community/dpvcg/)
The mission of the W3C Data Privacy Vocabularies and Controls CG (DPVCG) is
to develop a taxonomy of privacy terms, which include in particular terms
from the new European General Data Protection Regulation (GDPR), such as a
taxonomy of personal data as well as a classification of purposes (i.e.,
purposes for data collection), and events of disclosures, consent, and
processing such personal data.
2. Kantara Consent Receipt Specification
(https://kantarainitiative.org/confluence/display/infosharing/Consent+Receipt+Specification)
A Consent Receipt is a record of authority granted by a Personally
Identifiable Information (PII) Principal to a PII Controller for processing
of the Principal's PII. The record of consent is human-readable and can be
represented as standard JSON. This specification defines the requirements for
the creation of a consent record and the provision of a human-readable
receipt. The standard includes requirements for links to existing privacy
notices & policies as well as a description of what information has been or
will be collected, the purposes for that collection as well as relevant
information about how that information will be used or disclosed. This
specification is based on current privacy and data protection principles as
set out in various data protection laws, regulations and international
standards.
3. MyData (https://mydata.org/)
MyData is a human centred approach in personal data management that combines
industry need to data with digital human rights. MyData is both an
alternative vision and guiding technical principles for how we, as
individuals, can have more control over the data trails we leave behind us in
our everyday actions. The core idea is that we, you and I, should have an
easy way to see where data about us goes, specify who can use it, and alter
these decisions over time.
-Statements of Use-
Link to Statement of Use #1:
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201808/msg00002.html
Link to Statement of Use #2:
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201807/msg00008.html
Link to Statement of Use #3:
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201808/msg00010.html
Additional Statements of Use:
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201809/msg00017.html
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201808/msg00004.html
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201808/msg00003.html
-Public Reviews-
First public review announcement URI:
https://www.oasis-open.org/news/announcements/public-reviews-for-6-coel-classification-of-everyday-living-drafts-ends-dec-9th
Comment resolution log:
http://docs.oasis-open.org/coel/COEL/v1.0/csprd01/COEL-v1.0-csprd01-comment-resolution-log.xlsx
Additional public review announcement URIs:
Additional comment resolution log URIs: See notes.
Approval link:
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201810/msg00006.html
Earlier attempts to standardize: No
Sources of explanatory information: www.coelition.org
Notes:
COEL is a business-to-business technology specification that makes it
possible to treat the distinctive patterns of what we do as humans, and what
we are likely to do next, as a standard form of machine-readable data.
The specification allows easy portability for behavioural data, and this
portability drives innovation, reduces costs and maximises the value of data.
The COEL framework is transparent, open, and international by design.
Applications that use it can thus be trusted by individuals, other business
partners, interested non-Governmental bodies, and data privacy regulators in
a wide range of jurisdictions around the world.
The COEL specification is a fundamentally person-centric IT standard. For
this reason, it will be highly relevant to any organisation that wants to
collect and/or analyse data about individuals - including their active or
passive interactions with digital infrastructure and IoT devices. This type
of interaction between humans and infrastructure is required for the
provision of personalised services to the individual, public health
interventions, research data collection, and for the evaluation of identity
and security risks.
Key features of the specification:
• The COEL roles framework provides a privacy-by-design governance structure
for pseudonymous data about people's real-world, observable behaviours. The
purpose of both the pseudonymisation-at-source and structured role
definitions is to enhance security and privacy.
• The COEL event coding (the Atom) provides a syntactic structure for
recording, representing, transmitting and analysing any observable human
behavioural event. The resulting data is micro-structured – preserving the
insight potential of unstructured data while providing the audit and
compliance benefits of structured data. Each Atom is an independent record of
an event, facilitating the creation of insight from multiple sources with no
data transformations required. Every Atom is connected directly to an
individual and can contain a summary of the consent they provided for the
processing of the data. These Atoms, and the real-world events they encode,
become behavioural attributes in identity systems and evidence in
intelligence systems.
• The Classification of Everyday Living (COEL) data model is a unique and
extensible hierarchical taxonomy of human behaviours. It provides the basis
for semantic interoperability across platforms, languages and cultures.
• The interfaces defined in COEL allow platforms to integrate using JSON over
HTTPS for all interactions. The specification is agnostic to the data storage
construct that is implemented – centralised, personalised or distributed. The
delivery of data from IoT devices and connected infrastructures using COEL is
as lightweight as possible to ensure bandwidth, connectivity or local
processing power are not limitations in implementation or adoption.
• The specification has a number of embodiments in the form of dedicated
devices, mobile apps, web interfaces and data warehouses which provide
evidence of use. Sample code in the specification is drawn from these real
world implementations.
The URLs were too long to include both earlier comment responses. These are
here:
https://www.oasis-open.org/sites/www.oasis-open.org/files/Simple-comment-resolution-log-template_0.ods
https://www.oasis-open.org/apps/org/workgroup/coel/email/archives/201806/msg00012.html
The results of this submission may be viewed at:
http://tools.oasis-open.org/issues/browse/TCADMIN