[WG-eGov] Another NZ request: Consent Services

Thu Mar 31 00:13:31 EDT 2011

Thank you David, Rainer and John.

I'll look at WAYF through a new lens! (I read the spec years ago but consent did not jump out at me).

I think we have several use cases that do one or other of what you say below John.

So Rainer's request for use cases is entirely valid.

Cheers
Colin

-----Original Message-----
From: John Bradley [mailto:ve7jtb at ve7jtb.com] 
Sent: Thursday, 31 March 2011 12:56 a.m.
To: David Simonsen
Cc: Colin Wallis; eGov WG
Subject: Re: [WG-eGov] Another NZ request: Consent Services

I think the WAYF consent service is closer to what Colin is looking for. 

At least in the US the consent is something that is collected by the IdP before releasing some attribute.

In the EU I know that there are situations when consent must be given to the RP before it asks for the authentication.

So consent may be different things for different people.

John B.

On 2011-03-30, at 3:18 AM, David Simonsen wrote:

> Dear Colin,
> 
> WAYF - Where Are You From, yet another Danish eID federation, has operated a centralized consent service for 2 years.
> User may choose to store their (service specific) consent.
> 
> If they choose to do do, a hash of the SP-name + user attritbutes are stored in the consent db.
> Next time user tries to access the same service, the hash is calculated on the fly, the result is looked up in in the db - and if present, the user id _not_ asked to for consent, as we then know she asked us to store the consent.
> 
> Consents are stored for 3 years - which is occationally a subject of discussion as some find it too long, others appropriate...
> 
> A short video presentation of the system can be found under the title 'Users' consent to data exchange' at

 http://wayf.dk/wayfweb/video_archive.html

> FYI we have collaborated with the Fraunhofer Institute's usability specialist (Germany) and expect to improve the interface in several respects within the next 6 months.
> 
> I hope this can be of help. If you, or others, have any questions, please do not hesitate to write / call.
> 
> Kind regards
> David Simonsen
> <Screen shot 2011-02-07 at 1.08.49 PM.png>
> 
> 
> David Simonsen
> Executive manager
> Phone: +45 31216152
> 
> H. C. Andersens Boulevard 2
> DK-1553 København V
> 
> 
> 
> On Mar 30, 2011, at 7:41 AM, Colin Wallis wrote:
> 
>> Greetings all
>> 
>> We have an eGov call coming up next week which reminded me about something my developers have been hassling me about - consent services.
>> 
>> So we know of Denmark's notion of this. see the last link on this pages: OIO ID WS Scenarios (Section 3 Pages 16-18) here.
>> 
>> http://digitaliser.dk/resource/526486
>> 
>> But Finland would have one (if the presentation was anything to go by), Austria too..Canada?
>> 
>> All info welcome
>> 
>> Cheers
>> Colin
>> 
>> 
>> ====
>> CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
>> ==== _______________________________________________
>> WG-eGov mailing list
>> WG-eGov at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-egov
> 
> _______________________________________________
> WG-eGov mailing list
> WG-eGov at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-egov

====
CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====