| Internet-Draft | vCon Lawful Basis | September 2025 |
| McCarthy-Howe | Expires 29 March 2026 | [Page] |
This document defines a lawful basis extension for Virtualized Conversations (vCon) that provides standardized mechanisms for recording, verifying, and managing the lawful basis for processing data within conversation containers. The lawful basis extension addresses privacy compliance challenges through structured attachment metadata, including the specific lawful basis being asserted, temporal validity periods where applicable, and cryptographic proof mechanisms.¶
The extension is designed as a Compatible vCon extension that introduces lawful basis management capabilities without altering existing vCon semantics. It defines a "lawful_basis" attachment type with structured records for each of the six lawful bases defined in regulations like GDPR, including consent, contract, legal obligation, vital interests, public task, and legitimate interests.¶
Key features include automated lawful basis detection during conversation processing, auditable records with cryptographic proofs, granular purpose-based permissions for all lawful bases, documented justifications for other lawful bases, and integration with privacy regulations including GDPR, CCPA, and HIPAA.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://vcon-dev.github.io/draft-howe-vcon-consent/draft-howe-vcon-lawful-basis-latest.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-howe-vcon-lawful-basis/.¶
Discussion of this document takes place on the vCon Working Group mailing list (mailto:vcon@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/vcon/. Subscribe at https://www.ietf.org/mailman/listinfo/vcon/.¶
Source for this draft and an issue tracker can be found at https://github.com/vcon-dev/draft-howe-vcon-lawful-basis.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 29 March 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Conversations originating from all modes (voice, video, email, fax and messaging), contain sensitive information that requires a documented lawful basis for processing to comply with privacy regulations and ethical standards. This document defines a lawful basis extension for Virtualized Conversations (vCon) that enables automated lawful basis detection, structured recording, and cryptographic proof mechanisms.¶
A vCon (Virtualized Conversation) is a standardized container format for storing conversation data, including metadata, participants, and conversation content, as defined in [I-D.draft-ietf-vcon-core-00]. The vCon specification supports extensible attachments that can carry additional structured data related to the conversation.¶
This lawful basis extension provides a Compatible vCon extension (as defined in Section 2.5 of [I-D.draft-ietf-vcon-core-00]) that introduces lawful basis management capabilities through a standardized "lawful_basis" attachment type. The extension captures essential metadata including:¶
The specific lawful basis being asserted for processing¶
Party identification (for consent-based processing)¶
Temporal validity periods (where applicable)¶
Granular purpose-based permissions¶
Documented justifications for non-consent-based lawful bases¶
Cryptographic proof mechanisms and external verification¶
Integration with SCITT transparency services for audit trails¶
The lawful basis extension addresses key privacy and compliance challenges while maintaining compatibility with existing vCon implementations. Implementations that do not recognize the lawful basis extension can safely ignore lawful basis attachments while maintaining valid processing of other vCon content.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC2119 [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Lawful Basis: A valid justification, as defined by applicable law (e.g., GDPR), for the processing of personal data. One of six potential bases must be identified prior to processing.¶
Data Subject: The identified or identifiable natural person to whom personal data relates [GDPR].¶
Lawful Basis Attachment: A vCon attachment with type "lawful_basis" that contains structured information documenting the lawful basis for processing conversation data.¶
Attestation Registry: An external transparency service that maintains an authoritative, verifiable log of attestations about a vCon, which can include attestations of a lawful basis. This document defines integration with registries using the SCITT protocol.¶
Compatible Extension: A vCon extension that introduces additional data without altering the meaning or structure of existing elements, as defined in [I-D.draft-ietf-vcon-core-00].¶
While this document defines an extension for recording any lawful basis for processing, it is important to understand the distinctions between them. Under regulations like the GDPR, there are six lawful bases for processing personal data. Consent is unique in that it is a permission granted by the data subject, while the other five are justifications asserted by the data controller. Understanding this distinction is critical for correctly implementing this extension.¶
The six lawful bases for processing under GDPR are:¶
Consent: The data subject has given clear, unambiguous consent for their personal data to be processed for a specific purpose. This basis is unique because it originates with the data subject.¶
Contract: The processing is necessary for a contract that the data subject has with the organization, or because they have asked the organization to take specific steps before entering into a contract. For example, processing a customer's address to deliver a purchased product.¶
Legal Obligation: The processing is necessary for the organization to comply with the law (not including contractual obligations). For example, a financial institution may be legally required to report certain transactions to prevent fraud.¶
Vital Interests: The processing is necessary to protect someone's life. For example, sharing a patient's medical history with emergency services.¶
Public Task: The processing is necessary for the organization to perform a task in the public interest or for its official functions, and the task or function has a clear basis in law. For example, a local authority processing data to provide public services.¶
Legitimate Interests: The processing is necessary for the organization's legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. For example, a business using customer data for marketing analysis to improve its services, provided it does not infringe on the customer's privacy rights.¶
This lawful basis extension for vCon provides a standardized way to record and verify any of these lawful bases. The presence and content of a lawful_basis attachment are intended to be the primary mechanism for determining the authorized uses of a vCon's data.¶
The lawful basis extension is a Compatible Extension as defined in Section 2.5 of [I-D.draft-ietf-vcon-core-00]. This extension:¶
This document defines the "lawful_basis" extension token for registration in the vCon Extensions Names Registry:¶
vCon instances that include lawful basis attachments SHOULD include "lawful_basis" in the extensions array:¶
json
{
"uuid": "01234567-89ab-cdef-0123-456789abcdef",
"extensions": ["lawful_basis"],
"created_at": "2025-01-02T12:00:00Z",
"parties": [...],
"dialog": [...],
"attachments": [
{
"type": "lawful_basis",
"start": "2025-01-02T12:15:30Z",
"party": 0,
"dialog": 0,
"encoding": "json",
"body": {
// Lawful basis data structure defined below
}
}
]
}
¶
Lawful basis information MUST be included as vCon attachments using the standard attachment object structure defined in Section 4.4 of [I-D.draft-ietf-vcon-core-00].¶
The lawful basis attachment MUST include:¶
type: MUST be set to "lawful_basis"¶
encoding: MUST be set to "json" for structured lawful basis data¶
body: MUST contain the lawful basis data structure as defined below¶
The lawful basis attachment SHOULD include:¶
The body field of the lawful basis attachment MUST contain a JSON object with the following structure:¶
terms_of_service: URL reference to applicable terms of service document¶
status_interval: Duration string for revalidation intervals (e.g., "30d")¶
content_hash: An object containing content integrity information for the lawful basis attachment. The object has the following fields:¶
algorithm: (string, required) The hash algorithm used. This document defines initial values of "sha-256", "sha-3-256", and "blake2b-256". Other values may be registered in an IANA registry.¶
canonicalization: (string, required) The canonicalization method used. This document defines an initial value of "jcs" (JSON Canonicalization Scheme per RFC 8785). Other values may be registered in an IANA registry.¶
value: (string, required) The hexadecimal-encoded hash value of the canonicalized lawful basis attachment body.¶
registry: An object containing information about an external attestation registry for audit trails. The object has the following fields:¶
proof_mechanisms: Array of proof objects supporting the lawful basis¶
metadata: Additional implementation-specific metadata¶
Each object in the purpose_grants array MUST contain:¶
purpose: String identifying the processing purpose (e.g., "recording", "transcription", "analysis")¶
granted: Boolean indicating whether permission is granted (true) or denied (false)¶
granted_at: ISO 8601 timestamp when this specific permission was granted¶
conditions: Optional array of strings describing conditions or restrictions¶
json
{
"type": "lawful_basis",
"start": "2025-01-02T12:15:30Z",
"party": 0,
"dialog": 0,
"encoding": "json",
"body": {
"lawful_basis": "consent",
"expiration": "2026-01-02T12:00:00Z",
"purpose_grants": [
{
"purpose": "recording",
"granted": true,
"granted_at": "2025-01-02T12:15:30Z"
},
{
"purpose": "transcription",
"granted": true,
"granted_at": "2025-01-02T12:15:30Z"
},
{
"purpose": "sentiment_analysis",
"granted": false,
"granted_at": "2025-01-02T12:15:30Z"
}
],
"proof_mechanisms": [
{
"proof_type": "verbal_confirmation",
"timestamp": "2025-01-02T12:15:30Z",
"proof_data": {
"dialog_reference": 0,
"time_offset": "00:01:23",
"confirmation_text": "Yes, I consent to recording this call"
}
}
],
"terms_of_service": "https://example.com/terms/v2024.1",
"status_interval": "30d",
"content_hash": {
"algorithm": "sha-256",
"canonicalization": "jcs",
"value": "a1b2c3d4e5f6789abcdef0123456789abcdef0123456789abcdef0123456789ab"
},
"registry": {
"type": "scitt",
"url": "https://transparency.example.com/lawful_purpose/registry"
}
}
}
¶
Implementations MUST validate content hashes when present in lawful basis attachments:¶
Canonicalization: Apply the specified canonicalization method to the lawful basis attachment body¶
Hash Computation: Compute the hash using the specified algorithm¶
Hash Verification: Compare computed hash with the provided value¶
Error Handling: Provide specific error reporting for hash validation failures¶
Implementations MUST validate lawful basis expiration before processing:¶
Implementations MUST validate attachment references:¶
When processing vCon content, implementations MUST:¶
Implementations SHOULD verify proof mechanisms when present:¶
The optional registry field enables integration with external attestation registries for audit trails. The registry object's type field specifies the protocol to be used.¶
When the registry object is present and its type is "scitt", the url field MUST:¶
Reference a SCITT (Supply Chain Integrity, Transparency, and Trust) Transparency Service implementing SCRAPI [I-D.draft-ietf-scitt-scrapi-05]¶
Provide cryptographic receipts for state changes¶
Support status queries and updates¶
Implement appropriate access controls and privacy protections¶
Other transparency service types may be used if they are registered with IANA. The documentation for each registered type must specify the necessary protocols and interaction models.¶
Implementations that support registries MUST:¶
Implementations SHOULD provide specific error reporting:¶
LawfulBasisExpiredError: Lawful basis has expired and cannot be used¶
PermissionDeniedError: Permission explicitly denies the requested processing¶
LawfulBasisMissingError: No valid lawful basis found for the requested processing¶
ProofVerificationError: Lawful basis proof mechanisms failed validation¶
ReferenceValidationError: Attachment references invalid vCon elements¶
ContentHashMismatchError: Computed hash does not match provided value¶
UnsupportedHashAlgorithmError: Hash algorithm not supported by implementation¶
UnsupportedCanonicalizationError: Canonicalization method not supported by implementation¶
To ensure interoperability across implementations:¶
The vcon-core specification provides general-purpose security mechanisms, such as digital signatures, designed to ensure the basic integrity of the vCon container. These mechanisms answer the question, "Has this vCon been tampered with?" However, managing lawful basis requires addressing a more specific and legally significant question: "Did this specific person provide a valid basis for this specific action at a specific time?" Answering this question requires a higher level of security and contextual awareness. The following sections detail the additional security considerations that are critical for a lawful basis mechanism to be considered trustworthy and compliant with privacy regulations.¶
Background: Forgery is the act of creating a fake record or altering an existing one—for instance, by changing the expiration date, expanding the scope of what was agreed to, or faking the identity of the party. The ability to prove that a lawful basis is authentic and unaltered is the bedrock of any privacy compliance framework like GDPR or CCPA. A forged record is equivalent to having no lawful basis at all and carries severe legal and financial penalties. While vcon-core provides a signature field, this extension adds the necessary business rules to ensure that a signature represents a trusted, verifiable, and legally binding act.¶
Requirements: Implementations MUST prevent forgery through:¶
Background: A replay attack involves an attacker copying a valid lawful basis attachment from one vCon and maliciously inserting it into a different vCon that the user never actually provided a basis for. Without replay protection, a user's lawful basis for a non-sensitive inquiry could be "replayed" to appear as if they provided it for the recording and analysis of a highly sensitive conversation. This would be a massive privacy violation and would render the mechanism meaningless.¶
Requirements: The lawful basis attachment design MUST prevent replay attacks through:¶
Background: Lawful basis records are themselves sensitive personal data. It is critical that they are protected while in transit between systems. An attacker in a "man-in-the-middle" position could intercept a vCon and alter it before it reaches its destination, potentially stripping or modifying lawful basis information.¶
Requirements: All lawful basis attachments MUST be integrity protected using vCon signing mechanisms as defined in [I-D.draft-ietf-vcon-core-00]. Lawful basis attachments containing sensitive information SHOULD be encrypted when transmitted outside secure environments, for instance by using TLS 1.2 or higher for all communications.¶
Background: Lawful basis is a matter of legal and regulatory compliance. If a dispute arises, the organization processing the data must be able to prove it had a valid lawful basis at the time of the action. An audit log provides this crucial, non-repudiable evidence for regulators, auditors, and courts. It is a cornerstone of the "accountability" principle in modern privacy law.¶
Requirements: Systems that process or manage lawful basis attachments SHOULD maintain a secure, immutable record of all related activities (e.g., when a lawful basis was given, checked, revoked, or expired). When a registry is used, this requirement may be fulfilled by the registry service.¶
Lawful basis attachments MUST implement data minimization principles by:¶
The lawful basis extension addresses requirements from major privacy regulations:¶
GDPR Article 7: Conditions for lawful basis including withdrawal mechanisms¶
CCPA Section 1798.135: Requirements for personal information processing¶
HIPAA Privacy Rule: Requirements for protected health information¶
Implementers MUST ensure their implementations comply with applicable regulations in their jurisdiction.¶
Implementations MUST support data subject rights including:¶
Right of Access: Enable data subjects to access their records¶
Right of Rectification: Allow correction of inaccurate information¶
Right to be Forgotten: Support deletion and data erasure¶
Right of Portability: Enable export of data in interoperable formats¶
Withdrawal: Provide mechanisms for revocation of a lawful basis¶
This document defines a comprehensive lawful basis extension for vCon that balances privacy protection with practical implementation requirements. The extension provides a foundation for lawful basis-aware conversation processing while maintaining compatibility with existing vCon infrastructure.¶
This lawful basis extension addresses several critical security and privacy concerns:¶
Integrity: Cryptographic protection prevents unauthorized modification of records while maintaining verifiability across system boundaries.¶
Temporal Security: Expiration controls and revalidation intervals ensure a lawful basis cannot be misused beyond its intended temporal scope.¶
Audit Transparency: SCITT integration provides cryptographic audit trails for operations while maintaining privacy protections.¶
Regulatory Compliance: Structured management supports compliance with GDPR, CCPA, HIPAA and other privacy regulations through standardized metadata and processing controls.¶
Data Minimization: Privacy-preserving design minimizes data collection and supports lawful basis-driven access controls throughout the conversation lifecycle.¶
Implementers should conduct thorough security reviews and ensure compliance with applicable privacy regulations in their deployment environments.¶
This document requests IANA to register the following extension in the vCon Extensions Names Registry established by [I-D.draft-ietf-vcon-core-00]:¶
This document requests IANA to register the following parameter in the Attachment Object Parameter Names Registry:¶
Parameter Name: type¶
Parameter Description: Semantic type identifier for attachment content¶
Change Controller: IESG¶
Specification Document(s): RFC XXXX, Section 4¶
Note: This addresses the "TODO: type or purpose" noted in Section 6.3.6 of [I-D.draft-ietf-vcon-core-00].¶
This document requests IANA to establish a new registry for lawful basis attachment type values with the following initial registration:¶
Type Value: lawful_basis¶
Description: Structured lawful purpose records with temporal validity and cryptographic proof mechanisms¶
Change Controller: IESG¶
Specification Document(s): RFC XXXX¶
Registration Template:¶
Type Value: The string value used as the attachment type identifier¶
Description: Brief description of the attachment type and its purpose¶
Change Controller: For Standards Track RFCs, list "IESG". For others, give the name of the responsible party.¶
Specification Document(s): Reference to defining documents with URIs where available ## Lawful Basis Registry Type Values Registry¶
This document requests IANA to establish a new registry for lawful basis registry type values with the following initial registration:¶
Type Value: scitt¶
Description: A transparency service implementing the SCITT (Supply Chain Integrity, Transparency, and Trust) protocol.¶
Change Controller: IESG¶
Specification Document(s): RFC XXXX, [I-D.draft-ietf-scitt-scrapi-05]¶
Registration Template:¶
Type Value: The string value used as the registry type identifier¶
Description: Brief description of the registry type and its purpose¶
Change Controller: For Standards Track RFCs, list "IESG". For others, give the name of the responsible party.¶
Specification Document(s): Reference to defining documents with URIs where available¶
This document requests IANA to establish a new registry for lawful basis content hash algorithm values with the following initial registrations:¶
Algorithm Value: sha-256¶
Description: SHA-256 hash algorithm as defined in FIPS 180-4¶
Change Controller: IESG¶
Specification Document(s): RFC XXXX, [FIPS-180-4]¶
Algorithm Value: sha-3-256¶
Description: SHA-3-256 hash algorithm as defined in FIPS 202¶
Change Controller: IESG¶
Algorithm Value: blake2b-256¶
Description: BLAKE2b-256 hash algorithm as defined in RFC 7693¶
Change Controller: IESG¶
Registration Template:¶
Algorithm Value: The string value used as the hash algorithm identifier¶
Description: Brief description of the hash algorithm and its purpose¶
Change Controller: For Standards Track RFCs, list "IESG". For others, give the name of the responsible party.¶
Specification Document(s): Reference to defining documents with URIs where available¶
This document requests IANA to establish a new registry for lawful basis content hash canonicalization values with the following initial registration:¶
Canonicalization Value: jcs¶
Description: JSON Canonicalization Scheme as defined in RFC 8785¶
Change Controller: IESG¶
Registration Template:¶
Canonicalization Value: The string value used as the canonicalization method identifier¶
Description: Brief description of the canonicalization method and its purpose¶
Change Controller: For Standards Track RFCs, list "IESG". For others, give the name of the responsible party.¶
Specification Document(s): Reference to defining documents with URIs where available¶
Appreciation to Vinnie Micciche for his unwavering support during the development of this lawful basis attachment in particular, and vCons in general.¶