Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Abstract

This document is a product of the CISWG Work Group. It records the scenarios and use cases governing the development of consent receipt and guiding associated implementations and deployments.

A Scenario specifying a receipt data schema
Status


This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

Editors

Mark Lizar

Intellectual Property Notice

The CISWG Work Group operates under Option ABC and the publication of this document is governed by the policies outlined in this option.


Table of Contents


Introduction and Instructions

This document is a product of the CISWG Work Group. It records the scenarios and use cases governing the development of the Consent Receipt Schema (CRS) and guiding associated implementations and deployments.

Please use the scenario template near the end of this document in adding new scenarios and subordinate use cases. Change the status keyword in each scenario and use case title as appropriate, linking to the meeting minutes page explaining the status change:

  • Pending: Initial status when first submitted
  • Accepted: Needs to be accounted for in Consent Receipt Schema V1 and/or its associated compliant implementations
  • Deferred: Relevant to the problem space; may be considered in future versions
  • Rejected: Out of scope

Edit the descriptions of technical issues and scope questions to reflect (or point to) group decisions about how to handle them.


Scenario: unique-title (Pending)

Submitted by: Mark Lizar

 

The goal of this scenario is to create a specification for a receipt schema and a demonstrator for creating, providing and using a minimum viable consent receipt. 

 

Initial Audience

  1. Open Notice & Kantara Community
  2. The Usable Privacy Project
  3. Mozilla
  4. Internet Society

 

Background

Economic Performance of Consent:

A receipt you get when you buy something has many uses, it can be submitted to a third party, either to show a budget and costs, or to report on what was purchased and for how much.  It is a great tool for reducing friction, saves time, money.  Like a transaction receipt, consents can also be submitted to a third party, it can be compared, counted, and like purchasing preferences, consent preferences can also be collected.  


Experience of Consent

Better managed preferences result in better user experience. 

 

Governance of Consent:

A receipt can also be used for governance, for instance, the Tax authorities can use a receipt to check and see if the sales are hidden, the purchaser can use a receipt to be sure of the cost of goods and compare the change provided and the receipt against the price advertised to make sure of compliance.  

 A receipt can be taken and used with third parties like a token to access other services.

Objective

 Specify the existing fields for a consent transaction receipt and list them as a basic template for consent receipts. (Note: This entails formally defined attributes, published and open for comment.)

Develop scenario covering the life cycle of a minimum viable consent receipt for building a demonstrator.  This would involve

  1. Create a consent receipt generator, --> Common Terms, Legal.TXT
  2. Create a consent receipt button,  --> Embed Code, publish legal.txt
  3. Provision a consent to a service user
  4. Service user, uses the receipt  to achieve the use case specified.  

The demonstrator includes 3 stages, 1. Pre-Consent, 2. Consent 3. Post-Consent

  1. Pre-Consent
    1. a website/server with form for a company to generate a legal.txt file
    2. Publishing legal.txt
    3. An embed code is created for company to put behind their consent buttons on the website
  2. Consent
    1. A service user selects the consent '+ receipt' option to collect a receipt
      1. The id used by the service user to provision consent is used to send the receipt. 
        1. With no pre arranged application, a modal box will appear  asking for slection of identifier to use with the receipt
          1. this could be social login, email, etc
        2. the receipt is then accepted and stored by the digital identity being used for the consent
  3. Post - Consent
    1. TOSSOS - Receipts are used to compare policy changes using TOSSOS
    2. TOS;Dr - Receipts are used to look up TOS;Dr rating
    3. Out of Scope
      1. Browser Plugin - Receipts are captured and used automatically  to make policy responsive and to customise experience, reduces steps in stage 2. streamling user experience. 
        1. Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)

Use Case: Demonstrator Scenario 1, Stage 1: Pre-Consent (Pending)

Submitted by: Mark Lizar

The primary focus is to create the first legal.txt (which I think at the time of this writing is already done) and develop a process for an organisation to distribute a consent receipt. 

Scope of Work for Stage 1

  • Focus first on creating a minimum viable consent receipt schema and using this as the schema for the legal.txt file
  • Create webpage with Minimum Viable Consent Form
  1. Create Legal.txt
  2. Publish Legal.TXT
  3. Generate Embed Code for Consent to be used by other organisations
  • Optional
    • Create a Common Terms option to layer policies for different consent context. e.g. mobile phone, physical location, online service 
    • Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create certified data sets
      • link existing policies to layered notice

 

   

  • Create Legal.txt

 

  • Publish Legal.TXT

 

  • Create Embed Code for Consent to be used by other organisations

  • Notes: 
    • Exploring a Common Terms approach to layer policies for different consent context. e.g. mobile phone, physical location, online service 
      • based on existing standards and best practices
    • Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create context specific consent receipts. 
      • link existing policies to layered notice
  • Thought/Discussion Needed:
    • Publishing, 
      • where should legal.txt be published?
      • How will/can people get and use their receipts? 

 

Use Case: Demonstrator Scenario 1, Stage 2: Consent (Pending)

When a consent is provisioned using the button 

- a receipt is created  at the point of consent, the identity used to provision the consent is used to deliver the consent receipt

-  

 

Use Case: Demonstrator Scenario 1, Stage 3: Post-Consent (Pending)

The consent rec

Issue: unique-title

(Provide technical commentary on the issues brought up by this use case.)


Change History

Version Date Comment
Current Version (v. 13) Dec 01, 2013 13:45 Mark Lizar
v. 38 Aug 27, 2017 13:52 Oliver Maerz
v. 37 Sep 11, 2014 22:32 Mark Lizar
v. 36 Sep 11, 2014 22:31 Mark Lizar
v. 35 Sep 11, 2014 21:15 Mark Lizar
v. 34 Sep 11, 2014 18:32 Mark Lizar
v. 33 Sep 10, 2014 12:20 Mark Lizar
v. 32 Aug 10, 2014 11:18 Mark Lizar
v. 31 Aug 10, 2014 10:59 Mark Lizar
v. 30 Aug 07, 2014 11:48 Mark Lizar
v. 29 Aug 07, 2014 11:04 Mark Lizar
v. 28 Dec 18, 2013 21:16 Mark Lizar
v. 27 Dec 18, 2013 21:15 Mark Lizar
v. 26 Dec 05, 2013 11:21 Mark Lizar:
Migration of unmigrated content due to installation of a new plugin
v. 25 Dec 05, 2013 11:21 Mark Lizar:
Migration of unmigrated content due to installation of a new plugin
v. 24 Dec 05, 2013 11:21 Mark Lizar
v. 23 Dec 05, 2013 11:21 Mark Lizar
v. 22 Dec 05, 2013 08:47 Mark Lizar
v. 21 Dec 04, 2013 23:16 Mark Lizar
v. 20 Dec 04, 2013 22:16 Mark Lizar
v. 19 Dec 04, 2013 22:01 Mark Lizar
v. 18 Dec 03, 2013 10:29 Mark Lizar
v. 17 Dec 03, 2013 10:22 Mark Lizar
v. 16 Dec 02, 2013 20:23 Mark Lizar
v. 15 Dec 01, 2013 15:33 Mark Lizar
v. 14 Dec 01, 2013 14:18 Mark Lizar
v. 13 Dec 01, 2013 13:45 Mark Lizar
v. 12 Dec 01, 2013 11:20 Mark Lizar
v. 11 Dec 01, 2013 10:22 Mark Lizar
v. 10 Dec 01, 2013 10:18 Mark Lizar
v. 9 Dec 01, 2013 10:17 Mark Lizar
v. 8 Nov 30, 2013 12:32 Mark Lizar
v. 7 Nov 30, 2013 12:26 Mark Lizar
v. 6 Nov 30, 2013 12:14 Mark Lizar
v. 5 Nov 30, 2013 12:03 Mark Lizar
v. 4 Nov 30, 2013 10:41 Mark Lizar
v. 3 Nov 29, 2013 21:49 Mark Lizar
v. 2 Nov 29, 2013 21:43 Mark Lizar
v. 1 Nov 29, 2013 19:01 Mark Lizar

  • No labels