...
...
*** This is in the process of being updated to include and reference the MVCR which replaces and updates a great deal of this specification ***
| Excerpt | ||
|---|---|---|
| ||
It may be easiest to edit the incomplete links in the template text below in "wiki markup" mode. |
Abstract
This document is a product of the ISWG Work Group. It records the scenarios and use cases governing the development of consent receipt and guiding associated implementations and deployments.
A Scenario specifying a receipt data schema
Status
| Excerpt | ||
|---|---|---|
| ||
Generating a change history automatically is handy because it's hard to capture the link to a saved revision and then put the link at the top of the document (making yet another revision!). But if the change history gets too long, you might want to delete it, make occasional PDF snapshots and attach them to this page, then link from this Status section to a short list of each new snapshot. |
This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.
Editors
Mark Lizar
Intellectual Property Notice
The ISWG Work Group operates under Option ABC and the publication of this document is governed by the policies outlined in this option.
...
Table of Contents
| Excerpt | ||
|---|---|---|
| ||
You can find help on this macro at http://kantarainitiative.org/confluence/renderer/notationhelp.action, under Confluence Content. |
| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...
Introduction and Instructions
This document is a product of the ISWG Work Group. It records the scenarios and use cases governing the development of the Consent Receipt Schema (CRS) and guiding associated implementations and deployments.
Please use the scenario template near the end of this document in adding new scenarios and subordinate use cases. Change the status keyword in each scenario and use case title as appropriate, linking to the meeting minutes page explaining the status change:
...
Edit the descriptions of technical issues and scope questions to reflect (or point to) group decisions about how to handle them.
...
| Anchor | ||||
|---|---|---|---|---|
|
Submitted by: Mark Lizar
...
- Open Notice & Kantara Community
- The Usable Privacy Project
- Mozilla
- Internet Society
Background
Economic Performance of Consent:
A commercial receipt you received at point of purchase has many uses, it can be submitted to a third party, either to show a budget and costs, or to report on what was purchased and for how much. It is a great tool for reducing friction, saves time, money. Like a commercial receipt, consents can also be submitted to a third party, it can be compared, counted, and like purchasing preferences, consent preferences can also be collected. In this way a receipt and preferences can be used with third parties like a token to access other services.
Experience of Consent
Hypothesis: Better managed consent preferences and policy will result in better user experience, transparency, privacy and security.
Governance of Consent:
A receipt can also be used as a tool for governance, for instance, the Tax authorities can use a commercial receipt to check and see if the sales are hidden, the purchaser can use a receipt to be sure of the cost of goods and compare the change provided against the price advertised or currency provided to make sure of compliance.
Objective
Specify the existing fields for a consent transaction receipt and list them as a basic template for consent receipts. (Note: This entails formally defined attributes, published and open for comment.)
...
- Pre-Consent
- a website form for a company to generate a legal.txt file
- Publishing legal.txt
- An embed code is created for company to put behind their consent buttons on the website
- Consent
- A service user selects the consent '+ receipt' option to collect a receipt
- The id used by the service user to provision consent is used to send the receipt.
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- this could be social login, email, etc
- the receipt is then accepted and stored by the digital identity being used for the consent
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- The id used by the service user to provision consent is used to send the receipt.
- A service user selects the consent '+ receipt' option to collect a receipt
- Post - Consent
- TOSSOS - Receipts are used to compare policy changes using TOSSOS
- TOS;Dr - Receipts are used to look up TOS;Dr rating
- Out of Scope
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
- Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
Use Case: Demonstrator Scenario 1, Part 1: Pre-Consent (In Progress)
Submitted by: Mark Lizar
The primary focus is to create the first legal.txt (which I think at the time of this writing is already done) and develop a process for an organisation to distribute a consent receipt.
...
Wireframe illustration
Scenario 1 Part 1 - Site Map
Scenario 1 Part 1 A - Create Legal.txt
- Scenario 1 Part 1: B - Publish Legal.TX
- Optional - look into publishing with multiple methods
Scenario 1 Part 1: C --> Create Embed Code for Consent to be used by other organisations
The Embed Code is the consent receipt schema. At the point of consent a snap shot of the consent is captured and sent to the consent provisioner.
...
- Notes:
- Exploring a Common Terms approach and layering policies for different consent context. e.g. mobile phone, physical location, online service
- use existing standards and best practices
- Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create context specific consent receipts.
- link existing policies to layered notice
- Exploring a Common Terms approach and layering policies for different consent context. e.g. mobile phone, physical location, online service
- Discussion Needed:
- Publishing,
- where should legal.txt be published? (multiple places?)
- What ID should be used,how will people receive/store and use their receipts?
- Publishing,
Use Case: Demonstrator Scenario 1, Part 2: Consent (Pending)
When a consent is provisioned using the consent option/button
...
- Consent
- The org, who has generated a LEGALS.TXT and embed code, cuts and pastes the code, which links to the LEGALS.TXT, file and adds it to the code in the current consent option that exists on the website.
- We can generate three different types of buttons. (I agree button, Check box opt-in, I have read and understand terms and service - but with the receipt option)
- A service user selects the consent '+ receipt' option to collect a receipt
- The id used by the service user to provision consent is used to send the receipt.
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- this could be social login, email, etc
- the receipt is then accepted and stored by the digital identity of choice
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- The id used by the service user to provision consent is used to send the receipt.
- Including Data in the Receipt for the recipient
- This should include all reasonable elements that can be captured at that point and provided in a receipt format.
- DNT Header, URI links for privacy or terms, IP Addresses, (full list is pending). As well as a counter.
- This should include all reasonable elements that can be captured at that point and provided in a receipt format.
- The org, who has generated a LEGALS.TXT and embed code, cuts and pastes the code, which links to the LEGALS.TXT, file and adds it to the code in the current consent option that exists on the website.
Scenario 1: Part 2
Scenario 1: Part 2: A
Scenario 1: Part 2 : B -Digital Identity
Scenario 1 Part 2: C
Scenario 1 Part 2:: D - Consent Receipt View
Scenario 1 Part 2: Consent Summary (on Aggregate) View : (Note this is currently out of scope of this Scenario)
Use Case: Demonstrator Scenario 1, Part 3: Post-Consent (Pending)
- Post - Consent
- TOSSOS - Receipts are used to compare policy changes using TOSSOS
- TOS;Dr - Receipts are used to look up TOS;Dr rating
- Out of Scope
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
- Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
Scenario 1; Part 3 Wire Frames - (in Progress Through Stage 1 & 2)
Issue: unique-title
(Provide technical commentary on the issues brought up by this use case.)
...
| Anchor | ||||
|---|---|---|---|---|
|
| Change History |
|---|