►
From YouTube: OpenActive W3C Community Call / 2020-04-22
Description
Revisiting safeguarding
* Initial proposal
* Feedback so far
* Revisions
A
C
A
Fantastic
chris.
E
Tom
tom
marley
co-founder
played.
A
Okay,
fantastic.
Thank
you
very
much
for
that
I'll
just
start
sharing
my
screen.
A
So
yeah,
as
I
said,
the
topic
of
this
call
is
safeguarding,
which
is
obviously
an
important
issue,
and
I
think
it's
a
difficult
one
to
address,
partly
because
in
fact
it's
not
really
it's
not
purely
a
technical
question
right
there's
the
representation
which
is
in
some
ways
fairly
straightforward,
but
the
domain
or
the
requirements
are
fairly
complicated.
First
of
all,
is
everybody
seeing
my
screen
right
now.
A
Yep,
okay,
great,
so
the
initial
proposal
was
made
some
time
ago
back
in
september
by
nick
and
we've
already
talked
about
it
a
bit
I'll
give
a
brief
summary
if
nick
wants
to
jump
in-
and
you
wants
that.
That
would
be
great.
A
So
I
think
the
model
that
was
being
thought
of
here
was
mostly
something
like
club
mark
and
they
would
publish
two
kinds
of
document,
one
of
which
would
be
the
actual
certifications
and
the
definitions
of
those
and
the
other
of
which
would
be
a
feed,
aligning
those
certifications
with
given
organizations
or
given
organizations
and
the
activities
that
they
were
providing.
A
There
was
an
additional
nuance
whereby
embedded
markup
could
be
used
to
identify
which
organization
a
published
page
was
coming
from,
so
we
had
an
ecosystem
that
was
kind
of
two
publishers
of
different
kinds
and
two
outputs
on
each
of
those,
and
there
was,
I
think,
some
fairly
fine-grained
work
about
what
the
content
of
each
of
those
representations
was.
B
Only
the
recent
observation
out
of
the
back
of
some
of
the
mcr
work-
and
I
guess
it's
saying
no
one's
representing
that
here.
I
don't
think,
but
I
think
we've
got.
We
there's
an
interesting
trend
which
is
that
this
this
work
has
been
kind
of
discussed
for
a
while
and
the
same
requirements
seem
to
kind
of
keep
occurring
in
different
forms.
B
But
this
is
the
same
requirement.
So
bbc
get
inspired
change
for
life,
mcr,
the
sport,
england,
recent
england
campaign
for
virtual-
and
I
will
if
you
will
bury
all
examples
where
they
had
kind
of
said-
we're
going
to
have
an
authority
which
is
going
to
vet
activities
and
that
and
that's
going
to
be
the
way
that
we
decide
what's
in
or
out
of
this
of
our
service
and,
interestingly,
more
recently
mcr.
B
But
I
guess
then,
following
the
trend
of
all
the
others
and
then
sport,
england,
with
virtual
one
at
a
time,
everyone
seems
to
have
decided
that
actually
it's
too
expensive
and
resource
intensive
to
do
that
process
and
club
mark's.
Another
example
of
that
where,
where
the
clubmark
pro
program
didn't
continue,
so
it's
interesting
because
there
seems
to
be
an
ambition
across
all
the
organizations
names
that
they
were
to
do
that.
B
But
in
every
case,
if
they
were
doing
it,
they've
stopped
doing
it
and
if
they
were
planning
to
do
it,
they've
also
changed
their
plan
and
they're
now
not
doing
it,
which
is
yeah.
So
I
actually
I
don't
know
whether
yeah
I'm
not
sure,
and
it
might
be,
that
you're
and
tim.
Your
recent
conversations
with
support
men
have
shed
some
light
on
alternatives,
but
I
don't
know
if
the
plan
we've
previously
had
for
this
is
actually
as
viable
as
it
seemed
to
be
in
terms
of
publishers.
B
Don't
seem
to
want
to
do
this
because
that's
not
the
way
they're
thinking
about
this
now
and
more
recently,
with
the
virtual
campaign.
This
new
formal
criteria
met
self-certification
approach
where
people
basically
tick
a
box
to
say
I've
checked
and
I'm
happy
and
that's
enough,
and
so
that
kind
of
self-certification
seems
to
be
more
interesting.
B
So-
and
I
don't
know
where
that's
going
because,
obviously
that's
that's
still
early
and
and
it's
being
it's
being
kind
of
kind
of
discussed
at
the
moment,
with
all
the
implementers
for
virtual,
so
so
yeah.
So
I
I'd
so
the
the
I
think
the
proposal
before
was
responding
to
requirements.
B
That
may
not
be
clear
anymore,
and
I
and
I
guess
my
my
thoughtful
and
all
of
that
was
that
to
have
a
robust
discussion
that
out
that
results
in
a
new
spec,
it
might
be
worth
actually
having
those
people
that
would
implement
such
a
spec.
You
know
those
publishers
involved
in
that
discussion
and
committing
to
it,
because
I
think
that
it
seems
like
with
all
these
cases.
B
We
thought
if
we
can
get
a
spec
out,
then
that
will
enable
these
people
to
do
what
they're
doing,
but
if
ultimately,
no
one's
gonna
actually
do
it,
then
it
doesn't
seem
almost
worth
even
getting
to
the
point
of
the
spec
stage,
because
the
spec
isn't
the
blocker.
Here
it
sounds
like
it's.
It's
the
logistics
and
the
and
the
time.
C
Let
me
let
me
jump
in
there
because
I
probably
got
I
don't
know-
might
be
speaking
a
little
bit
on
behalf
of
others
here
as
well.
But
my
recent
conversations
with
other
active
partnerships
are
suggested
that
the
requirement
very
much
still
stands.
C
There's
a
there's,
a
concern
out
there
not
wholly
stopping
people
from
onboarding
onto
the
open,
active
program,
but
certainly
being
a
area
of
concern
around
how
open
open
data
is,
by
definition,
it's
open,
but
wanting
some
kind
of
vetting
to
know
that
the
quality
of
what
they're
getting
and
more
not
the
quality.
But
the
safeguards
are
in
place
to
prevent
any
content
reaching
them
so
and
that's
purely
a
publisher
concern
so
that
the
general
understanding
here
is
that
they're
receiving
quality
data.
C
If
they're
picking
up
the
data
from
I'm
in
obviously
from
I'm
in
and
that's
been
well
vetted,
and
they
know
it's
standardized,
so
they're
getting
good
quality.
But
whether
it's
safe
is
is
the
big
question
and
the
inability
for
them
to
have
any
kind
of
approval
is
a
concern,
not
a
barrier
but
a
snag,
probably
as
it's
best
best
to
find
us.
But
it's
very
much
alive
so
so
this
is
so.
I've
heard
that
from.
B
Everyone
who
wants
to
use
the
data
consistently
I'd
totally
yeah
totally,
I
mean-
and
people
have
been
saying
that
I
think,
since
you
know
since
day,
one.
How
do
we
know
that
there's
not
going
to
be
abuse
in
the
system
etc.
I
guess
I
guess
my
question
is
on
the
other
side.
So
absolute
data
users
want
this,
but
who
is
going
to
do
the
actual
vetting
from
your
discussions
like
who's
actually
going
to
be
going
through?
B
C
The
only
we
we
investigated
this
very
lightly
and
it
wasn't
me
leading
on
it.
I
left
it
with
my
farb,
far
more
expert
technology
team.
There's
two
things.
We
looked
at
one
physical,
the
challenges,
the
challenge
is
high
because
you
are
not
vetting
the
actual
activity
and
that's
very
difficult
to
do.
Obviously,
you've
got
all
the
precursors
to
quality
quality
checking
and
certifying,
but
again
hugely
manual.
We
we
have
given
this
more
thoughts
recently
with
the
virtual
piece.
C
We
I
don't
know
how
far
investigation
got
us
whether
there
was
a
solution
out
there.
We
considered
looking
for
similar
technology
to
what
might
be
in
place
around
browser
browser
use
whereby,
if
you
try
and
enter
a
site
that
know
that
the
browser
knows
you
need
to
be
of
a
certain
age
for
or
similar
that
it
can,
that
it
can
put
flags
up
about
that.
Whether
whether
there's
any
sort
of
better
higher
level
tracking
to
know
you're
going
to
an
unsafe
place
or
or
similar
to
be
able
to.
C
When
you're
clicking
a
url
sort
of
warn
someone
before
they
go
in
to
go
into
that
space.
And
we
haven't
found
a
solution
on
that.
Yet.
But
that
was
our
only
sort
of
things
that
we
could
be
doing
either
on
a
public
on
a
publisher
side
or
an
aggregator
side.
Looking
to
try
and
put
some
controls
in
place
around
what
urls
people
are
using.
B
So,
in
that
case
you
would
be
the
person
going
through
those.
Obviously
virtual
is
easier
because,
like
you
see,
they
don't
need
to
actually
go
to
the
sessions
or
the
checks,
maybe
slightly
easier,
but
would
you
be
the
you
would
be
the
person
doing
or
sorry
your
playlist
of
the
organization
would
be
would
be
doing
that
kind
of
leg.
Work
to
get
the
information
feasibly.
C
I
mean
we
we've,
we've
discussed
it
with
with
with
nish
and
the
team
to
get
to
sort
of
our.
C
Are
they,
but
it
wouldn't
really
make
sense
for
us
at
data
source
to
do
that,
because
then
we'd
be
the
only
ones
checking,
although
that's
good,
it's
obviously
a
small
volume
of
the
larger
percentage
of
data,
so
if
it
can
be
done
at
aggregation
point,
that
means
it's
standard
for
every
standard
for
everybody
and
benefiting
from
that
and
all
data
is
checked,
but
whether
it's
even
possible
is
another
another
matter,
so
yeah
good.
If
we
can
do
it,
but
we
only
then
touch
data.
That's
in
playways
from.
D
A
similar
point
of
open
sessions-
I
I
haven't
seen
any
way
that
we
could
be
checking
everyone,
who's
registering
even
looking
at
stuff
like
sport,
england's
club
mark,
they
seem
to
they
stopped
that
officially,
and
I
know
it
continues
for
some
sports,
but
that
even
that
process
that
was
run
nationally
has
has
stopped.
I
can't
see
austin's
own
concessions,
having
the
kind
of
resources
to
be
checking
insurance
and
crbs
at
that
point,
so
I
would
echo
the
issue
I
don't
know
who
and
where
that
checking
could
take
place.
C
Is
there
a
better?
Is
there
a
different
model
to
look
at
this
by
if
the
vetting
is
too
difficult,
which
I
think
is
from
everything
with
looking
at
it
from
a
completely
naive
point
of
view,
may
be
made
easier
with
virtual
but
still
very
challenging?
C
Would
we
be
better
to
be
looking
at
an
implementation
that
considers
the
power
of
the
review
versus
the
power
of
the
block
so
taking
a
trip
advisor
model
and
suggesting
that
people
can
rate
rate
a
session,
a
rate
of
provider
that
can
be
standardized
as
a
way
to
then
sort
of
if
you're,
if
your
ratings
sit
below
a
certain
percentage,
we're
going
to
stop
stop
promoting
your
activity,
because
that's
then
getting
the
flags
from
the
user,
albeit
the
risk.
The
initial
risk
is
still
posed,
but
medium
to
long
term.
We
can.
A
So
I
think
my
conversations
at
sport,
england
are
kind
of
relevant
here.
In
that
I
mean
to
a
certain
extent,
the
question
of
who
enforces.
It
is
avoided
because
it's
devolved
so
in
the
case
of
ngbs
right,
the
idea
is
typically,
although
it'll
vary
from
ngb
to
ngb,
that
each
club
is
responsible
for
implementing
safeguarding
measures
and
what
safeguarding
measures
are
considered.
Appropriate
is
defined
by
the
ngb
and
the
ngb
is
responsible
for
auditing
to
make
sure
that
those
measures
are
appropriately
in
place.
A
And
those
measures
are
not
really
aimed
at
checking
that
everything
is
safe.
It's
making
sure
that
there's
a
process
in
place
in
case
there's
a
breach
so
making
sure
that
there
are
some
named
individuals
who
are
responsible
for
ensuring
that
safeguarding
within
the
organization
is
protected,
defined
policy
statements
about
how
safeguarding
is
handled
in
that
kind
of
thing,
making
sure
that
everybody's
gone
through
appropriate
training
and
that
kind
of
stuff-
and
there
will
be
an
annual
review
process
for
that.
A
So
responsibility
really
lies
with
the
individual
organizations
and
if
the
organization
wants
to
claim
that
it's
affiliated
with
the
ngb,
it
has
to
demonstrate
to
the
ngb
that
it's
met
those
standards.
So
it
is
kind
of
it's
not
quite
bottom-up,
but
it's
kind
of
like
a
middle
level,
down
kind
of
way
of
of
enforcing
this.
A
Even
there.
However,
there
is
a
concern
that
this
is
actually
pretty
heavyweight,
that
if
you're
a
sport,
that's
big
enough
to
have
an
ngb
and
or
that
considers
it's
or
you're
running
a
class
that
considers
itself
large
enough
to
affiliate.
A
So
there
is
a
project
underway
for
sport,
england
to
look
at
more
lightweight
kind
of
mechanisms
for
safeguarding
and
again
it's
about
making
sure
that
people
are
aware
of
safeguarding
requirements
and
demonstrate
that
they
have
a
policy
in
place
and
that
kind
of
thing
you
know
much
more
than
it's
about
doing.
You
know
double
checking
everybody's
criminal
background
checks
and
that
kind
of
thing.
A
So
it's
a
it-
is
a
lighter
touch,
more
documentation,
heavy
kind
of
approach.
I
think
that
was
envisaged.
The
first
time
around.
C
Yeah
tim
building
on
that,
I
I
don't
know
whether
it's
relevant
or
useful,
it
may
prove
not
to
be.
I
just
it's
flagged
something
in
my
mind
really
in
this
discussion
that
we
have
to
do
a
lot
of
work
with
british
universities.
Colleges,
sport
who
sit
outside
the
open
data
landscape,
their
delivery
would
not
usually
all
be.
They
are
looking
at
term
engaging
you
know.
In
virtual,
open
data
wouldn't
usually
sit
in
this
landscape,
but
completely
outside
of
us.
C
Then
they
have
a
challenge
over
the
fact
that
their
demographic
is
student-based
as
a
as
an
ngb
themselves
for
higher
education,
sport,
the
risks
around
initiations
and
and
student
experience
of
sport
being
coupled
with
student
behavior
at
university.
C
This
has
been
certainly
been
around
for
18
months
two
years,
albeit
they've,
been
looking
at
it
sharply
for
that
period,
it's
been
around
since
the
dawn
of
probably
student
sport.
They
have
spent
a
long
time
pulling
together
sort
of
policies
processes
around
how
people
can
report
an
issue,
so
in
this
case
sort
of
similarly
report
a
breach
and
the
process
as
to
how
that
gets
handled.
C
Much
of
the
time
reports
come
to
them
and
if
it's
related
to
a
specific
institution,
let's
say
a
university
that
report
report
would
be
passed
back
to
the
unit
that
university
concerned
and
they
they
are
mandated
to
follow
certain
process
processes
to
work
out.
What's
happened
and
the
the
following
sort
of
response
to
that
and
depending
on
the
severity
that
can
come
back
to
to
be
managed
and
governed
by
bucks.
C
So
in
the
same
sense
I
can
see
a
sort
of
breach
and
reporting
process
potentially
being
possible
and
that
being
fed
back
to
an
ngb,
if
indeed
it
was
concerned,
a
specific
sport
and
provider
and
the
ngb
needed
to
handle
that.
So
it's
I
don't
know
who
would
do
the
first
component,
maybe
that
supporting
the
role,
but
perhaps
there's
relevance
there
and
we
could
probably
learn
something
from
bucks
in
terms
of
process.
They
went
through
to
establish
that
and
the
challenges
etc.
A
Yeah
with
the
overall
idea
that
yes,
you're,
defining
a
deterrent
so
that
yeah
you're
aware
that
you're
going
to
be
prosecuted
and
that
people
are
alert
to
these
things
rather
than
you're
kind
of
preemptively,
making
sure
there's
no
risk
whatsoever.
Yeah,
that's
much
lower,
lower
resource
intensive!
Isn't
it
that's!
That
makes
a
lot
of
sense,
yeah,
yeah,
okay,
so
that
I
think
those
would
be
useful
conversations
to
have
probably
via
sport,
england,
because
yeah
it's
more
than
just
a
technical
issue.
A
But
I
guess
the
question
now
is:
can
we
flush
out
some
kind
of
technical
structure
that
is
flexible
enough
to
encompass
this
kind
of
option?
I
have
made
a
stab
at
this,
so
I'm
just
going
to
summarize
the
feedback
we
had
from
the
on
the
previous
proposal
and
how
I've
tried
to
cope
with
that,
given
also
the
the
shift
in
requirements
or
maybe
the
clarification
about
requirements
in
the
last
couple
of
months.
A
Came
from
chris
actually
was
that
it's
one
thing
to
say
that
people
need
to
have
certain
qualifications
in
order
to
to
teach
or
to
engage
in
an
authority
role,
but
a
lot
of
the
time.
Long
tail
providers
won't
actually
know
what
those
qualifications
are,
how
to
acquire
them.
So
we
need
to
represent
that
somehow
one
piece
of
feedback
we
got
from
izzy
was
that
we
were
kind
of
conflating
safeguarding
with
qualifications.
More
generally,
so
we
were
yeah.
A
We
were
both
dealing
with
kind
of
legal
questions
about
ensuring
that
no
laws
were
being
broken
and
no
exploitation
was
taking
place
with
you
know
is
such
and
such
a
person
able
to
you
know
instruct
in
wall
climbing
or
something
like
that.
I
think
the
third
point
we've
already
dealt
with
existing
safeguarding
frameworks.
A
We
weren't
really
engaging
with,
I
think,
we'd
envision
a
general,
a
very
general
use
case
that
maybe
didn't
answer
the
scene
on
the
ground.
A
As
nick
said,
I
think
there
was
a
kind
of
presupposition
that
there
was
some
sort
of
authorizing
body
that
was
publishing
these
certifications
and
was
prepared
to
enforce
them
and
audit
them
in
a
fairly
rigorous
way
and
that
this
would
be
like
quite
a
high
level
organization,
and
that
seems
not
to
be
the
case
generally
speaking
and
then
again
also,
I
think,
raised
by
izzy
earlier.
It's
kind
of
a
heavyweight
process.
Overall,
so
I've
attempted
to
kind
of
shake
that
all
up.
A
So
the
latest
proposal,
which
is
just
attached
to
the
same
thread,
is
first
of
all,
let's
scope
this
right
down
to
safeguarding
and
then
see
if
we
can
generalize,
because
I
think
it
is
the
case
that
if
we
address
safeguarding
well
something
similar
to
that
will
deal
well
with
qualifications
for
teaching
as
well.
But
let's
just
solve
one
problem
at
a
time
and
make
sure
we've
got
safeguarding
covered
before
we
try
to
make
it
a
more
generic
structure.
A
A
Self-Certification
was
a
little
bit
difficult
to
deal
with
within
that
framework,
the
revised
proposal
is
to
make
self-certification
the
norm
really,
but
with
the
option
of
pointing
from
your
self-certification
up
to
another
body
and
saying
this
is
the
standard
that
we
aim
to
achieve.
This
is
our
affiliation
number,
with
this
particular
ngb
or
whatever.
This
is
the
organization
to
which
we
are
answerable.
A
Another
difference
is
that
the
certifica-
it
was
one
thing
that
arose
on
the
previous
call
about.
This
was
how
often
audits
were
done.
How
often
was
certification
information
going
to
be
changing,
and
I
don't
think
we
really
had
an
answer
to
that
and
we
went
with
the
idea
that
it
might
change
quite
quickly
and
that
say,
certification
might
be
removed
very
suddenly
from
an
organization
if
a
breach
were
found,
for
instance,
and
it
would
be
imperative
to
make
sure
that
all
records
were
updated
as
quickly
as
possible.
A
Given
that
change
in
status,
I
think
in
reality
it's
it's
like
an
annual
review
process
at
best,
really
just
because
of
the
of
the
overheads
of
auditing,
and
even
in
the
case
that
there
was
a
safeguarding
issue
that
wouldn't
necessarily
invalidate
safeguarding
certification
as
long
as
the
processes
were
being
followed
to
follow
up
on
that
alleged
breach.
A
There
would
have
to
be
further
investigation
into
that,
but
it's
not
necessarily
the
case
that
you
would
be
yanking
everything
right
away
and
then
the
final
point
is
that
there
was
a
mechanism
in
there
for
trust
networks
in
the
original
proposal.
So
the
idea
would
be
that
you
could
say
as
a
certifying
body.
A
Well,
we
also
trust
certifications
issued
by
this
other
body
and
take
those
as
equivalent
that's
been
dropped
from
the
latest
proposal,
not
because
it's
a
bad
idea,
but
just
because
I'm
I
was
sort
of
aiming
at
simplicity
here,
and
that
seemed
like
one
of
the
more
difficult
areas
and
I
think
we
need
more
evidence
that
that's
a
requirement,
although
again
nick,
might
be
better
informed
here.
B
A
Yeah,
okay,
yeah,
it
was
it's,
it
was
a
nice
proposal
and
it
kind
of
did
all
the
things.
So
I
I
have
this
like
feeling
like
it
might
be
a
question
of
like
pairing
back
to
this
minimum
and
then
building
out
until
it
looks
a
lot
like
the
the
original
proposal
was.
But
what
I'll
do
then
is
I'll
just
go
to
the
proposal
that
I
made
I'm
afraid
rather
late
yesterday.
A
So
taking
it
from
the
top
analysis
was
that
we
had
sort
of
six
kinds
of
pieces
of
information
that
need
to
be
communicated.
A
The
first
is
information
provided
by
the
activity
provider
about
what
they
do
for
safeguarding.
So
this
would
be
something
like
you
know
who
the
safety
officer
is,
who
the
public
engagement
officer
is
what
their
policy
is
and
so
on
and
so
forth.
A
Yeah,
I'm
I'm
back
with
you.
I'm
not
too
sure
what
happened
there,
sudden
total
drop.
What
was
the
last
thing?
Anyone
heard.
A
Okay,
yeah
that
wasn't
what
I
was
trying
to
convey:
okay,
so
anyway,
kinds
of
information,
safeguarding
activities
undertaken
by
the
provider
codes.
A
What
good
safeguarding
is
assertions
that
an
organization
meets
those
those
codes,
assertions
about
whether
other
organizations
are
trustworthy
assertions
that
information
has
been
published
by
a
given
organization,
so
saying
yeah,
we're
we're
the
ones
publishing
this
data
and
then
information
about
how
to
attain
accreditation
and
safeguarding
standards.
How
to
how
do
how
to
find
out
more
basically
about
a
safeguarding
code.
A
A
So
anyway,
I
with
that
kind
of
analysis
of
the
previous
proposal,
as
discussed,
I
sort
of
thought
dropping
the
point
four
about
regarding
trustworthiness
of
other
organizations
about
building
a
network
is
out
of
scope
for
the
moment,
so
there's
a
much
more
simplified
kind
of
data
structure
here,
which
consists.
Basically,
it's
probably
easiest
to
go
by
example.
Here
consist
basically,
if
you're
self-certifying
of
just
some
information
about
what
you're
doing
for
safeguarding
and
I
just
sort
of
made
up
these
terms.
A
If
there
is
a
third
party
certifying
your
safeguarding
practice,
so
if
there
is
say
an
ngb
or
something
that
does
undertake
audits,
everything
stays
the
same,
except
that
you
create
a
kind
of
rich
pointer
to
that
organization.
Saying
here's
the
standards
that
we
meet
up
to
he's
responsible
for
auditing
us,
etc.
A
And
then
the
certification
publisher
has
to
have
some
kind
of
simple
api
so
that,
if
queried
with
that
identifier,
it
will
respond
and
give
information
saying.
Yes,
this
person
meets
our
safeguarding
code.
Here's
the
last
time
we
reviewed
this
information,
here's
what
they're
called
and
so
on
and
so
forth.
So
it's
basically
the
original
proposal,
but
really
stripped
back.
A
I
think,
to
a
couple
of
core
elements
and
with
the
trust
networks
aspect
completely
removed,
so
yeah,
in
sum,
basically,
two
pieces
of
information,
documentation
and
people
published
by
the
opportunity
provider,
possibly
a
third
published.
B
You
say
it
it's
about
referring
in
it's
two
directions:
you've
got
two
there's
an
api
that
is
available
on
the
certification
publisher
that
can
be
called,
and
that
is
what's
used
to
check,
to
confirm
the
certification,
yeah.
A
That's
right
and
I
haven't
really
specified
what
that
api
looks
like
it's
really
just
I've.
Just
given
a
json
object
there,
which
is
yeah
what
the
basically
just
indicates,
the
information
you'd
have
to
convey,
but
it's
not
very
fleshed
out
there.
A
So
I'm
sure
other
people
will
have
thoughts
to
contribute
there,
questions
that
came
to
my
mind
as
I
was
drafting
it
fairly
quickly
security.
What
kind
of
security
does
there
have
to
be
if
any
generalization,
so
given
that
the
scope
was
narrowed?
How
applicable
is
this
model
to
other
kinds
of
qualification?
A
Schema.Org
modeling,
like
I
said,
I
kind
of
dived
around
a
bit
in
schema.org
looking
for
things
that
would
help
model
this,
I
didn't
find
too
much.
I
might
have
even
used
too
much.
Schema.Org
stuff,
like
digital
document,
seems
like
a
kind
of
complex
object,
maybe
for
what
we're
trying
to
do,
but
it
seemed
to
fit
the
build
most
closely
and
then
what
would
the
guidance
be
for
implementers?
A
So,
with
those
questions
in
mind,
I
guess
I'm
just
interested
in
hearing
initial
feedback.
Anybody
might
have
on
the
general
shape
of
the
specification
as
it
stands
or
the
proposal
as
it
stands
right
now,.
B
I
think
it's
it
looks
great.
I
I
guess
I
have
a
kind
of
yeah
like
it
sounds
good,
although
I'm
not
yeah.
B
I
guess
my
my
my
main
concern
looking
at
this
is
just
thinking
about
the
systems
that
would
implement
it
and
there's
quite
a
big
there's,
a
much
bigger
burden
on
the
systems
here
to
do
to
add
those
fields,
and
I
wonder
if
there
isn't,
if
there
isn't
a
way
that
we
can
do
something
whereby
a
system
can
do
because
there's
two
things:
there's
another
self-serve
and
then
there's
you
know
referencing
the
ngb
cert.
B
Can
we
do
it
so
that
the
information
actually
lives
with
the
ngb
and
they
publish
it?
And
then
we
just
point
a
you
know:
id
or
url
pointer
to
the
ngb.
That
says
this
is
my
certification
and
then
you
we
centralize,
because
I
imagine
it
also
is
going
to
be
different
for
every
ngb
in
terms
of
what
they
allow
exactly
and
what
the
different
bits
are.
That's
where
the
variance
lives,
but
if
you've
got
a
generic
booking
system,
you
you
maybe
want
to
point
to
that
and
say
just
just.
B
And
here
and
the
booking
system
is
just
url,
essentially
it's
just
yeah.
D
Yeah,
can
I
just
jump
in
and
ask
a
stupid
question
which
is:
could
you
actually
explain
all
the
stuff
you
just
said
from
say
the
booking
point
of
view?
What
what
would
we
be
implementing,
so
I
understand
that
was
the
bit
around
contact
point
just
a
really
kind
of
basic
summary:
how
how
might
we
implement
the
current
proposal.
A
So
yeah,
I
think
I
think
most
of
the
burden
does
end
up
being
on
the
data
consumer
yeah,
because
there's
always
going
to
be
some
variation
at
the
individual
publisher
level.
I
think
because
there
have
to
be
contact
names
associated
with
the
lowest
level
of
the
organization
right.
The
contact
point
is
not
going
to
be
the
ngb
ever
it'll
be
the
particular
club.
A
You,
if
you
want
to
give
some
kind
of
quality
assurance
you
have
to
do
two
things
you
have
to
parse
the
data
object,
which
has
the
links
to
the
safeguarding
policy
and
so
on
and
so
forth,
and
I
guess
at
a
minimum,
make
sure
that
it's
not
a
404
make
sure
that
there
actually
is
something
there.
That's
that's
the
safeguarding
policy.
A
Ideally
there
would
be
like
a
human
review
process
saying:
okay,
yeah.
This
is
actually
like
a
sensible,
sensible
link
and
then
verify
that
the
the
people
named
were
actually
associated
with
the
organization
and
so
on
and
so
forth.
If
there's
a
pointer
to
the
ngb
level,
the
same
process
has
to
be
has
to
occur.
A
You
have
to
make
sure
that
the
safeguarding
well
sorry,
I've
already
checked
that
I
guess,
then
you
have
to
ping
the
api
provided
by
the
certification
authority
and
essentially
just
check
that
the
review
date
is
a
sensible
one,
probably
annual,
or
something
like
that.
Once
you
had
those
pieces
of
information,
then
you'd
be
in
a
position
to
put
a
green
tick
mark
next
to
it.
A
D
A
Sure,
oh
yeah,
okay,
I
see
what
you
mean
now
right
yeah,
so
you
need
to
have
some
points
on
your
form,
saying,
safeguarding
officer,
safeguarding
policy
or
safeguarding
code
that
you
adhere
to.
I
guess
would
be
the
other.
D
Field
and
that
would
be
a
link
to
either
on
their
website
or
on
the
ngb,
but
the
the
policy
that
they
follow.
A
D
B
B
A
B
Well,
and
a
bit
more
than
that
at
the
moment,
because
you've
got
to
booking
system
has
to
somehow
know
what
web
api
for
various
affiliations
is
yeah,
so
you
would
have
to
have
like
a
like
a
yeah.
I
guess
you'd
need
to
have
an
index
file
of
those
somewhere
that
all
the
booking
systems
could
use.
So
they
knew
all
the
endpoints
or
all
the
booking
systems
may
maintain
that
information.
A
Yeah
or
the
onus
could
be
on
the
on
the
provider,
I
suppose
to
have
that
url
yeah,
but
yeah
there's
something
there's
some
kind
of
burden
there
of
how
you
find
that
information
yeah.
C
C
My
concern
comes
in
at
lengthening
and
making
ever
more
complicated
the
journey
and
route
to
creating
activity
data
for
people
who
are
neither
technology
experts
nor
fully
bought
into
why,
especially
in
these
early
days,
still
to
why
they
do
that,
especially
grassroots
level,
by
adding
more
fields
in-
and
I
don't
don't
that's
not
to
comment
on
the
importance
and
priority
of
the
fields,
but
equally
the
more
and
more,
we
add
to
the
standards,
the
more
and
more
difficult
we
make
it
and
unappealing
we
make
it
to
engage
like
globally.
C
So
my
I
guess
my
reflection
without
giving
this
any
more
thought
would
be.
Is
this
the
right
thing
to
be
looking
at
the
booking
system
to
start
putting
controls
in
I'm?
Not.
I
can
see
why
we're
doing
that,
but-
and
it
might
be
the
only
option
but
just
yeah-
I'm
concerned
about
the
impact
on
a
user,
and
we
could
be
mitigating
against
lots
of
really
good
quality
data
and
content
by
just
making
it
harder.
A
I
think
at
the
level
of
self-certifying
it's
it's
kind
of
necessary.
Just
that
the
point
I
suppose
is
really
to
show
that
you've
thought
about
it
and
given
it
some
consideration,
so
it's
a
little
bit
hard
to
get
any
more
paired
back.
I
think
then,
here's
the
person
responsible
and
here's
the
standard
that
they
you
know
we
undertake
to
fulfill
once
you've
got
start
getting
the
third
party
certification.
A
I
can
start
seeing
how
that
becomes,
but
I
feel
like
if
you
want
to
address
safeguarding
at
all,
you
have
to
have
that
as
a
as
a
as
a
minimum.
C
Yeah,
I
don't
disagree,
I'm
wondering
I
agree
on
the
necessity.
I
I'm
wondering
whether,
if
this
falls
into
an
certainly
not
a
legal
expert
of
sleep
by
any
stretch,
but
when
this
falls
closer
into
just
an
option
to
agree
to
not
t's
and
c's,
but
a
similar
style
of
behavior,
where
we
have
standardized
text
that
fits
that
fits
everyone
to
say.
Yes,
I
acknowledge
that
I've,
given
this
thought,
I
acknowledge
what
I'm
doing.
C
I
acknowledge
the
responsibility
I'm
taking,
but
it
being
far
more
than
started
far
less
than
starting
to
provide
a
safeguarding
officer
and
their
contact
details
and
more
just
an
acknowledgement
that
I
am
aware
of
these
things
and
I'm
aware
of
my
obligations,
the
problem
there
is.
It
then
becomes
something,
that's
so
generic
that
people
are
just
going
to
take
a
box
and
move
on
so
that
neither
it
is
valuable
or
invaluable.
E
So,
just
to
jump
in
here
I've
we've
got
a
bit
of
experience
with
safeguarding
on
a
project
that
we
did
with
the
mayor's
office
and
there
it
there's
a
more
frictionless
way
of
kind
of
getting
people
to
self-certify
through
the
sign
up
process
or
through
the
organizer
details.
So
they
wouldn't
have
to
do
it
on
a
kind
of
per
session
basis.
E
You
could
kind
of
have
some
assurance
that
once
they
they
kind
of
set
up
their
account,
they
kind
of
opt
in
or
out
of
a
safe
saying
that
they've
they've
kind
of
thought
about
and
adhere
to
safeguarding
measures.
And
then
you
can
kind
of
affirm
that
that's
the
case
across
all
their
sessions.
E
So
it
was
a
bit
different
to
this,
but
they
needed
a
certificate
which
the
publisher
went
through,
but
they
also,
there
was
more
check
boxes
on
the
sign
up
that
kind
of
allowed
people
to
give
thought
to
the
various
different
things
and
it
it's
a
frictionless
process.
E
Oh
okay,
so
there
may
be
a
few
different
angles
in
which
people
you
can
kind
of
agree
which
are
the
components
of
safeguarding
which
will
kind
of
ensure
that
you've
got
a
tick
as
it
may
be,
and
it
could
be
ensure
that
you
hold
this
insurance
or
ensure
that
your
activities
are
suitable
for
this
age
range
or
whatever
they
may
be.
And
then
they
just
tick
on
sign
up.
And
it
links
to
further
information
for
that
publisher
to
kind
of
correlate
against
the
various
ngb.
C
My
my
only
initial
thoughts
that
makes
a
lot
of
sense
tom.
My
initial
thoughts
would
be.
Are
there
going
to
be
systems
out
there
where
that
model
just
doesn't
quite
fit
so
from
a
playways
perspective,
and
I
think
this
goes
all
the
way
up
to
even
a
leisure
center
operator
and
obviously
don't
use
our
system
or
any
of
us
on
the
call
that,
like
we,
you
can
become.
C
You
can
be
given
the
permission
to
to
do
to
create
activity,
but
through
after
or
any
point
after
your
your
own
registration-
and
we
wouldn't
certainly
wouldn't
want
to
ask
every
single
user
of
our
system
to
acknowledge
that
it
would
be
suitable
for
a
participant
and
you
can
become
an
administrator
who
can
create
just
simply
by
someone
making
an
administrator
taking
a
toggle.
So
it's
not
that
necessarily
them
being
able
to
opt
in
at
that
stage
I
mean
there
are
things
we
could
probably
put
in
controls
next
time
they
log
in.
C
They
need
to
confirm
these
things
because
they've
been
given
that
permission
it
gets
quite
complex.
I
guess
at
a
leisure
center
level.
Are
they
going
to
know?
Is
every
user
of
their
system
going
to
be
suitably
going
to
be
asked
that
question
and
are
they
going
to
be
a
creator
of
content,
etcetera
and
are
we
asking
people
it's
not
relevant
to
et
cetera?
I
just
wonder
if
it's
a,
I
can
see
how
it
could
fit
in
a
smaller,
smaller,
specific
landscape,
but
I'm
nervous
it
wouldn't
fit
everywhere.
E
Yeah,
I
would,
I
would
they're
kind
of
head
operators
where
it
will
become
a
bit
more
complicated,
I'm
more
thinking
of
it
from
a
tail
perspective,
but
kind
of
the
bigger
operators
by
nature
kind
of
have
those
assurances
in
place
anyway-
and
I
guess
the
conversation
is
more
about
validating
the
tail.
So
I
guess
it
wouldn't
be
as
much
of
a
barrier.
Maybe.
E
B
That's
a
really
good
point,
because
the
requirements
for
gll,
so
you
could
do
that
at
the
organization
level
in
both
cases,
but
the
requirements
for
gll
self-certifying
would
be
probably
quite
different.
So,
for
example,
the
contact
point
for
gll
wouldn't
probably
be
one
for
all
sites.
I
I
guess
I
don't
know
they
might
have
a
general
mailbox,
but
maybe
their
phone
number.
B
C
Yeah,
just
just
on
at
a
high
level,
I
immediately
like
the
sound
of
that.
It
sounds
like
something
where
a
workflow
could
be
created
by
somebody.
That
is
the
workflow
that
you
need
to
go
through
to
manage
your
your
certification
and
probably
provide
some
evidence.
I
don't
know
how
that
would
get
managed
if
that's
just
building
on
that
idea,
but
there's
a
way
that,
even
at
a
grassroots
level,
people
could
certify
themselves
twitter,
bluetick
level
and
an
easy
way
for
us
to
manage
the
data
of
going
yes
or
no.
C
This
person
is
certified.
This
person
isn't
against
a
single
api
endpoint,
so
there's
a
there
sounds
like
there
could
be
a
beautiful
simplicity
to
that
and
it's
aligned
with
other
sort
of
other
platforms
other
use
cases
completely
outside
our
remit.
E
Yeah,
I
guess
it
plays
with
like.
What's
that
say,
for
example,
what
changed
your
life
are
doing?
They
have
a
white
list
of
approved
organizations
which
would
be
aching
to
the
bigger
guys
and
what
they
want
to
do
is
promote
kind
of
smaller
organizations,
but
there's
no
mechanism
in
place
for
them
to
understand
that
they've
been
safeguarded.
So
in
that
use
case,
that
solution
could
work
well.
B
I
feel
like
probably
the
important
thing
here
is
is
talking
to
those
talking
to
the
change
of
life.
Talking
to
the
deities
is
to
see
because
it
sounds
like
it
sounds
like
it
makes
sense
in
terms
of
the
data
we're
talking
about
publishing,
but
the
question
of
like
guess
whether
it's
sufficient
and
then
and
then
maybe
this
even
you
know.
Second
or
third
question
is,
is
you
know?
What's
the
technical
mechanism,
because
you
can
see,
there's
there's
definitely
a
whole
bunch
of
stuff.
B
I
can
do
about
like
the
conversations
about
the
best
way
of
making
this
possible
with
the
minimum
work
for
each
system,
but
I
guess,
however,
we
managed
to
get
that
information
published.
Whoever
does
it
it
has
to
be
it
has
to.
If
we
do
all
of
that
and
change
for
life
still
say
well,
no,
it's
not
good
enough
that
we
just
know
the
contact
details,
because
actually
we
need
to
know
that
someone's
looked
at
them.
Otherwise
we
can't
use
the
data.
Then
I
guess
that's
that's
kind
of
what
we
need.
Isn't
it.
E
A
I
so
I'm
slightly
lost
here
in
the
sense
that
it
feels
to
me
like
these
are
implementation,
questions
more
than
standards.
Questions
like
I'm,
not
clear
on
what
changes
in
the
standard
as
proposed,
given
the
desire
to
create
more
usable,
workflows
within.
B
Systems,
I
I
think
the
highlighted
thing
was
that
this
is
probably
an
organizer
level
rather
than
an
event
level
right
right.
That's
probably
the
only
thing
that
was
and
and
therefore
the
flow
could
be
just
for
an
organizer
sign
up
process
and
flow
rather
than
every
event
you
create,
which
was
part
of
it
right.
A
Right,
but
I
think
you
still
want
to
it-
gets
complicated
to
publish
a
sort
of
separate
organizer
endpoint.
I
think
saying
these
people
are
certified
for
such
and
such
like.
Wouldn't
you
still
want
the
safe
writing
information
attached
at
the
level
of
the
session
is
that
where
this
information
exists,
I
guess
because
the
or
or
whatever
yeah
I
guess
it
could
be
within
the
organization
rather
than
attached
to
the
event,
but
it
would
still
appear
within
every
event,
object.
D
So
just
in
that
attempt
it
said
you
said
if
it
was
at
the
organizer
level,
you
would
still
need
it
to
be
pulled
through
to
every
session,
because
we
certainly
within
open
sessions,
wouldn't
want
on
every
session,
add
safeguarding
info,
but
you
might
do
it
for
the
organizer
and
then
like.
I
guess,
if
it's
the
organizer
organizer
session,
then
copy
and
pull
through
that
information.
Is
that
what
you're
saying.
A
A
B
A
Okay:
okay,
thank
you
all
yeah.
We
are
at
the
top
of
the
hour
and
we
started
a
bit
late.
I
guess
the
next
step
is
indeed
to
talk
to
people
like
change
for
life
and
also
more
talking
to
to
booking
systems
about
what
they
would
find
feasible
to
do
so
I'll
make
a
note
of
that
on
the
end
of
the
issue,
and
I
suspect
we
will
address
this
again
in
future.
Okay,
thanks.