[WG-InfoSharing] Security Considerations for the Consent Receipt

Mark Lizar mark at openconsent.com
Tue Oct 3 14:58:42 UTC 2017

H Everyone, 
Sal & I had a chat about the first draft of security considerations - Sal mentioned that Tom Jones (cc'd) reached out and raised some very good points for security considerations. 
In this regard, we have started a draft outline of Security Considerations. 
We agreed and you’ll see these Security Considerations are explicit about being only for the consent receipt and not for any other type of personal data receipt - or any other kind of personal information management use cases.  
** Security Considerations *** 
General - Since consent receipts can contain personal information it is a requirement that transmission of consent receipts not take place in the clear and that secure communications, i.e. HTTPS (properly implemented) be used.  The requirements for implementers of consent receipts and consent management include, signing, encryption, key management and other operations for their creation, transmission, use and storage, if the consent receipt is to be useful for proof of consent, withdrawal of consent or any other rights.
Securely authenticated connection - use modern cryptology
If receipt contains PII, a receipt without PII is not in scope here, but possible - and it needs to be transmitted, using the secure connection in 1, at the point of consent the user must be able to manage the receipt interactions with:
Local machine (server, client, application, device..) 
Use and storage needs further considerations
Other receipt repositories and consent services
Security of these repositories and services - i.e. non-local - requires considerations but is currently out of scope of the CR v1.1 spec 
When considered it should include the use case where for some reason a receipt has not been transmitted it should be available from the provider of the receipt repository for direct download. This and other infrastructure is out of scope for the Consent Receipt discussion.
Transmission of the receipt - with personal information is considered here 
A receipt without PII is not in scope at this time
The ability to validate and revoke the receipt – and other aspects of the consent receipt lifecycle is out of scope at this time for the consent receipt specification but will need to be taken up shortly.
Perhaps this is a topic for the Consent Best Practices? 
If so, these  consideration should include 
Status and revocation of consent 
Consent management & validation; to include other aspects of its lifecycle  
 Hopefully this is a good starting point for others on this list to jump in.


Mark Lizar
CEO & Founder | Open Consent | 
Trust is the new currency and its measured in the quality of Consent 
+44 (0) 208 123 2476
Twitter @Smartopian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20171003/a0edaafb/attachment-0001.html>

More information about the WG-InfoSharing mailing list