[WG-InfoSharing] Removing Subject ID Field from receipt fields

Justin Richer jricher at mit.edu
Fri Mar 11 06:41:47 CST 2016


I don't understand what you mean by something being "in the payload" but 
not "in the receipt", since technologically speaking the payload *is* 
the receipt. What does the data structure you're envisioning look like?

  -- Justin

On 3/10/2016 7:53 PM, Mark Lizar - OCG wrote:
>
> Hello CISWG,
>
> I have added a new issue to Github for discussion.  Another one of 
> those long outstanding issues about how to present and transfer PII in 
> the receipt.  This is relative to the specification review of the 
> table fields.
>
> The issue #23 
> <https://github.com/KantaraInitiative/CISWG/issues/23> is a suggestion 
> to remove the subject id field from the consent receipt field so that 
> the consent receipt fields don't contain PII, but, instead, attached 
> is the receipt payload with all of the data entered by the consent 
> grantee.
>
> The benefit would be that the receipt fields themselves don't contain 
> PII, thus are less sensitive themselves, with the PII entered into 
>  the receipt delivered in the receipt payload. The payload of PII data 
> would be provisioned to the consent grantee, but not displayed on the 
> website, via the consent receipt as to protect privacy and be privacy 
> by design.
>
> All thoughts welcome, especially on how to specify this in the 
> specification (if it should be specified).
>
> Best,
>
> Mark
>
>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20160311/8b5ac9b8/attachment.html>


More information about the WG-InfoSharing mailing list