Session Date/Time: 07 Nov 2024 15:30

vcon

Summary

The vcon working group meeting covered several important topics related to the VCon specification, including expressing Mimi instance messages in VCon, updates to the container draft, and privacy considerations. Rohan Mahy presented a draft on representing Mimi instant messages in VCon, followed by Dan Petrie discussing updates to the container draft, focusing on use cases, hackathon findings, and issues related to redacted and appended VCons. Diana and Thomas Howe presented a draft outlining privacy law requirements and how VCon can aid in compliance, which generated considerable discussion around consent, licensing, and lawful bases for processing. Steve Lasker then presented on using SCIT to record the history and lineage of VCons, further connecting to privacy concerns.

Key Discussion Points

Mimi and VCon Integration: Expressing instant messaging semantics, including relationships between messages (replies, reactions, edits) and handling multi-part content with attachments.
Content Hash Consistency: Standardizing the way content hashes are represented within VCon, considering existing conventions and the possibility of supporting multiple hashes.
Redacted VCons: Debated removing body and encoding parameters for referring to redacted VCons. Discussion on representing the original VCon in a chain of redactions.
Appended VCons: Exploring the concept of appended VCons and methods for adding new information without modifying the original VCon. Discussion on shallow copies with placeholders and the need for integrity protection through hashing.
VCon Media Types: Addressing how to properly define media types for different VCon formats, especially those involving JWS (JSON Web Signature) and GZIP compression.
Privacy Primer: Discussing the implications of privacy laws on VCons and how they can be used to aid compliance. Concerns included data minimization, encryption, and user rights.
Consent and Licensing: Discussion on how consent information and data usage licenses could be incorporated into VCons. The challenge of machine-readable licenses versus human-readable agreements, and the need to consider various lawful bases for data processing beyond consent were highlighted.
SCIT Integration: Using SCIT (Secure Content Integrity Transperancy) to track the lineage and modifications of VCons, supporting accountability and aiding in revocation of consent.

Decisions and Action Items

Content Hash Consistency: The working group agreed to standardize on a single method of representing content hashes in VCon, potentially adopting a convention like hash-algorithm:hash-value.
Redacted VCons: Dan to remove body and encoding parameters for referring to redacted VCons.
Privacy Document: The working group needs to decide whether the individual privacy draft will be adopted as a working group document (informational or best practices). The benefits of working group review and consensus were weighed.

Next Steps

Rohan will update the Mimi draft based on feedback, potentially adding examples of proprietary messaging systems.
Dan will update the container draft with agreed changes, including a standardized content hash representation and removal of body and encoding parameters for redacted VCons.
Steve will consider feedback related to licenses within VCons and continue work on the SCIT draft.
The working group will continue discussion on the privacy document and its role within the group's deliverables. Consider adding contributions to ensure alignment with privacy laws within the EU and UK.