The objective of AuthC (authorization from consent) is to create and maintain an active state of trust in surveillance with a special class of surveillance called digital identity for dynamic data control (diddc) to automate human governance. The result must be the freedom to control your personal information, to choose who benefits from it, including ourselves, to be empowered with our own record of relationships.
AuthC specifies a two factor notice (2FN) and two factor Notice for Consent (2FC) flow for presenting digital privacy transparency, accountability and rights access.
2FN ->2FC produces legal proofs (computational privacy) that can be used to enhanced access and mobility services so they can be better used directly by people. regardless of physical or digtial technology or data governance providence (digi-space). The specification for 2FN is designed to produce 'Privacy Assurance', (versus the existing framework of IAL, AAL, FAL), a new category of eConsent and identity management.
The work builds on a decade of effort, much of it in Kantara workgroups. The Consent Receipt has been widely recognized and adopted, with iteration and implementations since the publication of the Consent Receipt and then its inclusion in the ISO/IEC 29184 annex.
2FN -> 2FC specifies how consent receipts be generated from a Notice Record to provide evidence of consent and can be used for any legal justification for processing personal data. Most importantly, AuthC presents how ANCR Records and Consent Receipts can be generated by either party (the PII Controller and the PII Principal) or by both stakeholders, for active state privacy and security.
To learn more, check out initial document for 2FN for Data Governance 2FC for Data Controls
For a sneak preview, take a look at ANCR: Consent Receipt Section 1 - which is the work to specify the ANCR Notice Record Format for generating Notice and Consent Receipts - for PII Controller and Principal processing records