Difference between revisions of "Consent Receipt"
(→Context) |
(→Context) |
||
| Line 7: | Line 7: | ||
The current design of a Consent receipt is based on the theory of a transaction between a pii data controller and a pii data principle. | The current design of a Consent receipt is based on the theory of a transaction between a pii data controller and a pii data principle. | ||
| − | In the context of an IDESG identifier provider best practice it was based on a state at the IdP of a user immediately after a user initiated profile update. Note that user here means whatever sort of entity has the identifier shown as "user name". It cannot be inferred that the identified user has any rights under any regulation, | + | In the context of an IDESG identifier provider best practice it was based on a state at the IdP of a user immediately after a user initiated profile update. Note that user here means whatever sort of entity has the identifier shown as "user name". It cannot be inferred that the identified user has any rights under any regulation, as that would be a privacy exposure of its own. |
It might be useful for the consent receipt to carry an indication of the context (aka receipt type) at its generation. | It might be useful for the consent receipt to carry an indication of the context (aka receipt type) at its generation. | ||
Revision as of 10:43, 2 June 2018
Contents
Full Title or Meme
Consent Receipt generated by an IDESG compliant Identifier Provider
Context
The current design of a Consent receipt is based on the theory of a transaction between a pii data controller and a pii data principle.
In the context of an IDESG identifier provider best practice it was based on a state at the IdP of a user immediately after a user initiated profile update. Note that user here means whatever sort of entity has the identifier shown as "user name". It cannot be inferred that the identified user has any rights under any regulation, as that would be a privacy exposure of its own.
It might be useful for the consent receipt to carry an indication of the context (aka receipt type) at its generation.
Current draft of the Spec
Draft on which this implementation was based is listed below. In theory practice is the same as theory, in practice it is not.
Current draft of spec Version:1.1.0 DRAFT 8 Date:2018-02-20
Implementation on Microsoft ASP.NET Core 2 Web Site
Json output
Generated on a partial implementation on 2018-06-01
{
"version": "KI-CR-v1.1.0",
"jurisdiction": "WA",
"consentTimestamp": "",
"collectionMethod": "user input",
"consentReceiptID": "f4de5671-bd2c-4e54-b855-76f84f5b407e",
"publicKey": null,
"language": "en",
"piiPrincipalId": null,
"piiControllers": "IDESGidp",
"policyUrl": "http://tomjones.us/CRpolicy",
"services": null,
"sensitive": "false",
"spiCat": null
}
