Consent Receipt

From MgmtWiki
Revision as of 18:38, 3 June 2018 by Tom (talk | contribs) (Json classes)

Jump to: navigation, search

Full Title or Meme

Consent Receipt generated by an IDESG compliant Identifier Provider

Context

The current design of a Consent receipt is based on the theory of a transaction between a pii data controller and a pii data principle.

In the context of an IDESG identifier provider best practice it was based on a state at the IdP of a user immediately after a user initiated profile update. Note that user here means whatever sort of entity has the identifier shown as "user name". It cannot be inferred that the identified user has any rights, or indeed any legal standing, under any regulation, as that would be an unwarranted privacy exposure of its own.

It might be useful for the consent receipt to carry an indication of the context (aka receipt type) at its generation.

Current draft of the Spec

Draft on which this implementation was based is listed below. In theory practice is the same as theory, in practice it is not.

Current draft of Kantara Initiative Technical Specification Recommendation, Consent Receipt Specification Version:1.1.0 DRAFT 8 Date:2018-02-20

Warning: this document is based the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data [OECD] focusing on consent using the ISO 29100 [ISO 29100:2011] lexicon, which means that the terms are stilted and do not reflect current usages.

Implementation on Microsoft ASP.NET Core 2 Web Site

Consent receipts were added to the IDESG best practice web site which is accessible at this site.

Warning that this is a work in process and it works at varying levels of support as changes continue to be added to the site.

Json classes

 // ConsentReceipt helper clases (c) 2018 tom jones
 {
   public class ConsentReceipt
   {
       [JsonObject]
       public class ProfileResponse
       {
           [JsonProperty]
           public string version { get; set; }
           [JsonProperty]
           public string jurisdiction { get; set; }
           [JsonProperty]
           public string consentTimestamp { get; set; }
           [JsonProperty]
           public string collectionMethod { get; set; }
           [JsonProperty]
           public string consentReceiptID { get; set; }
           [JsonProperty(NullValueHandling=NullValueHandling.Ignore)]
           public string publicKey { get; set; }
           [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           public string language { get; set; }
           [JsonProperty]
           public string piiPrincipalId { get; set; }
           [JsonProperty]
           public Array piiControllers { get; set; }
           [JsonProperty]
           public string policyUrl { get; set; }
           [JsonProperty]
           public Array services { get; set; }
           [JsonProperty]
           public string sensitive { get; set; }
           [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           public string spiCat { get; set; }
       }
       [JsonObject]
       public class jsonController
       {
           public static jsonController Create(string json)
           {
               return new jsonController(json);
           }
           public static string Write(jsonController options)
           {
               return JsonConvert.SerializeObject(options);
           }
           public jsonController()
           { }
           public jsonController(string json)
           {
               try
               {
                   JsonConvert.PopulateObject(json, this);
               }
               catch (Exception ex)
               {
                   throw new Exception(string.Format("Error deserializing json:'{0}', into '{1}.", json, GetType()), ex);
               }
           }
           [JsonProperty]
           public string piiController { get; set; }
           [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           public string onBehalf { get; set; }
           [JsonProperty]
           public string contact { get; set; }
           [JsonProperty]
           public string address { get; set; }
           [JsonProperty]
           public string email { get; set; }
           [JsonProperty]
           public string phone { get; set; }
           [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           public string fax { get; set; }
           [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           public string piiControllerURL { get; set; }
           //            [JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
           //            public IDictionary<string, object> type { get; set; }
       }
       [JsonObject]
       public class jsonService
       {
           [JsonProperty]
           public string service { get; set; }
           [JsonProperty]
           public Array purposes { get; set; }
       }
       [JsonObject]
       public class jsonPurpose
       {
           [JsonProperty]
           public string purpose { get; set; }
           [JsonProperty]
           public string[] purposeCategory { get; set; }
            [JsonProperty]
           public string consentType { get; set; }
           [JsonProperty]
           public string[] piiCategory { get; set; }
           [JsonProperty]
           public bool primaryPurpose { get; set; }
           [JsonProperty]
           public string termination { get; set; }
       }
   }
 }

Json Initializer

Json output

Generated on a partial implementation on 2018-06-01. One thing that might seem a little odd to others is that the Consent receipt for this site never really varies. It is always that same three fields entered at this time.

One thing that becomes a little weird in the near future of this site is that the user will have the option of adding more information in the future in support of authentication at other sites. It seems that neither the GDPR nor the Consent Receipt considers that fact that users can enter data of their own free will for reasons that are not known to the IdP but will be used later at a relying party. In this case the IdP is just a trusted third party, a problem which will recur frequently in the health industry.

It is also not clear how to code the jurisdiction for US states. Maybe that is covered elsewhere?

But the real problem is, now that I have a Consent Receipt on the web site, what do I do with it?

 {
 "version": "KI-CR-v1.1.0",
 "jurisdiction": "WA",
 "consentTimestamp": "2018-06-04T02:34:12.9239336Z",
 "collectionMethod": "user input",
 "consentReceiptID": "25696cbc-9bd4-4abf-9774-7c57dd5bedc6",
 "language": "en",
 "piiPrincipalId": "tomcjones",
 "piiControllers": [
   {
     "piiController": "IDESGidp",
     "contact": "jerry",
     "address": "if required there is a class of address lists, like kids soccer, that would be in violation",
     "email": "jerry@ca0.net",
     "phone": "someone needs to think this thing thru!"
   }
 ],
 "policyUrl": "http://tomjones.us/CRpolicy",
 "services": [
   {
     "service": "IdP",
     "purposes": [
       {
         "purpose": "IdP",
         "purposeCategory": [ "1 - Core Function" ],
         "consentType": "EXPLICIT",
         "piiCategory": [ "2 - Contact" ],
         "primaryPurpose": true,
         "termination": "one year after last use"
       }
     ]
   }
 ],
 "sensitive": "false"
 }