Cleanup of the readme towards OpenDSR

Ben · Ben · commit b8ddb4b9e5e4 · 2020-01-10T13:05:51.000-05:00
diff --git a/README.md b/README.md
@@ -1,27 +1,23 @@
 # OpenDSR Summary
 
 # Overview
-This is an introductory document intended to provide a summary of OpenDSR. For full reference details, please see the complete specification at https://www.OpenDSR.org and https://github.com/OpenDSR/OpenDSR. This project was formerly known as OpenGDPR and existed at https://www.OpenGDPR.org and https://github.com/OpeGDPR/OpenGDPR.
+This is an introductory document intended to provide a summary of the OpenDSR framework. For full reference details, please see the complete specification at https://github.com/OpenGDPR/OpenDSR. This project was formerly known as OpenGDPR and existed at https://www.OpenGDPR.org and https://github.com/OpeGDPR/OpenGDPR.
 
 # Goals and Scope
-The OpenDSR specification defines a common approach for data Controllers and Processors to build interoperable systems for tracking and fulfilling Data Subject requests as defined under the General Data Protection Regulation (GDPR).
+The OpenDSR specification defines a common approach for data Controllers and Processors to build interoperable systems for tracking and fulfilling Data Subject requests as defined under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). To reduce confusion, this document uses the language and terminology of the GDPR.
 
-For more information on the Data Subject Rights, see chapter 3 of the GDPR.
-
-This spec is intended to:
+This framework is intended to:
 1. Provide a well defined JSON specification that allows Controllers and Processors to communicate and
-manage Data Subject access, portability and erasure requests in a uniform and scalable
-manner.
+manage Data Subject Requests (DSRs) in a uniform and scalable manner.
 2. Provide strong cryptographic verification of request receipts to provide chain of
 processing assurance and demonstrate accountability to regulatory authorities (Article
 5.2).
-3. Provide for a callback mechanism to enable Controllers to track the status of
-all Data Subject requests.
+3. Provide for a callback mechanism to enable Controllers to track the status of all DSRs.
 
 This specification does not cover:
 1. Defining the technical measures to describe the fulfill of Data Subject requests.
 It is the responsibility of each Data Controller and Data Processor to interpret and
-apply the GDPR to honor Data Subject requests (GPDR Chapter 3).
+apply relevant regulatory analysis and expertise to honor DSRs (the text of the GDPR and CCPA).
 2. The protocol for communications between Controllers and Data Subjects.
 3. The protocol for communications between Controllers, Processors and Supervisory
 Authorities.
@@ -31,33 +27,39 @@ Authorities.
 
 ## Roles
 **Data Subject**
-A European Union resident whose personal data is being processed.
+The person whose data is being collected and/or processed.
+
+The CCPA refers to data subjects as 'consumers'.
 
 **Data Controller**
-The Data Controller receives Data Subject requests from the Data Subjects and validates them. The Controller submits requests to the Data Processors.
+The Data Controller receives DSRs from the Data Subjects and validates them. The Controller submits requests to the Data Processors.
+
+The CCPA refers to controllers as businesses.
 
 **Data Processor**
-The Data processor fulfills the request for the Controllers scope.
+The Data processor acts on behalf of the controller and fulfills requests within the Controllers scope.
+
+The CCPA refers to processors as service providers.
 
 ## Request Sequence
-This diagram outlines the flow of GDPR data subject requests all the way from the data subject to the fulfillment by each Processor. This flow includes optional callbacks that allow the Controller to receive status changes.
+This diagram outlines the flow of DSRs all the way from the data subject to the fulfillment by each Processor. This flow includes optional callbacks that allow the Controller to receive status changes.
 
 ![protocol flow](images/figure_protocol_flow.png)
 
-1. New Data Subject Request: The data subject files a request to the data controller containing appropriate information. Request may be of any type provisioned in the GDPR text, commonly: access, portability, erasure, rectification.
+1. New Data Subject Request: The data subject files a request to the data controller containing appropriate information. Request may be of any type defined herein.
 2. Request Distribution: The controller verifies the request and if it will be honored, it is submitted to Processors.
 3. Request Fulfillment: The Processor fulfills their obligation within the scope of this request. For example, this may include deleting user data in the case of a deletion request.
 4. Request Status via Callback: The processor will submit status updates to the controller if callbacks are included in the request.
 5. Communication to the Data Subject: The Controller communicates the results to the data subject.
 
 ## Request Types
-The spec supports request types of “erasure”, "access" and “portability”. For all types, the details of how a processor fulfills the request is defined by the GDPR and is out of scope for this specification. For access and portability requests, secure transmission of the resulting personal data is left up to the controller and processor.
+The spec supports request types of “erasure”, "access" and “portability”. For all types, the details of how a processor fulfills the request is defined by the regulations and is out of scope for this specification. For access and portability requests, secure transmission of the resulting personal data is left up to the controller and processor.
 
 # API Summary
 ## Endpoints
 This is an overview of available HTTP methods for communicating between Controllers and Processors. The following endpoints should be provided by the Processor (to receive requests from the Controller).
 
-Restful API endpoints for the resource “opendsr_requests”:
+Restful API endpoints for the resource "request":
 
 | HTTP Method | Path | Description | Supported? |
 | --- | --- | --- | --- |
@@ -79,6 +81,7 @@ Refer to the full specification for definitions of objects and fields.
 ```
 {
  "subject_request_id":"a7551968-d5d6-44b2-9831-815ac9017798",
+ "regulation": "gdpr",
  "subject_request_type":"erasure",
  "submitted_time":"2018-10-02T15:00:00Z",
  "subject_identities":[
@@ -90,7 +93,7 @@ Refer to the full specification for definitions of objects and fields.
  ],
  "api_version":"1.0",
  "status_callback_urls":[
-   "https://example-controller.com/opendsr_callbacks"
+   "https://example-controller.com/opendsr/callbacks"
  ]
 }
 ```
diff --git a/specification.md b/specification.md
@@ -2,7 +2,7 @@
 
 An open specification for data subject request management, formerly called OpenGDPR.
 
-### Version 1.0
+### Version 2.0
 
 ### Abstract
 
