Abstract
This document is a product of the ISWG Work Group. It records the scenarios and use cases governing the development of consent receipt and guiding associated implementations and deployments.
A Scenario specifying a receipt data schema
Status
This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.
Editors
Mark Lizar
Intellectual Property Notice
The ISWG Work Group operates under Option ABC and the publication of this document is governed by the policies outlined in this option.
Table of Contents
Introduction and Instructions
This document is a product of the ISWG Work Group. It records the scenarios and use cases governing the development of the Consent Receipt Schema (CRS) and guiding associated implementations and deployments.
Please use the scenario template near the end of this document in adding new scenarios and subordinate use cases. Change the status keyword in each scenario and use case title as appropriate, linking to the meeting minutes page explaining the status change:
- Pending: Initial status when first submitted
- Accepted: Needs to be accounted for in Consent Receipt Schema V1 and/or its associated compliant implementations
- Deferred: Relevant to the problem space; may be considered in future versions
- Rejected: Out of scope
Edit the descriptions of technical issues and scope questions to reflect (or point to) group decisions about how to handle them.
Scenario: Minimum Viable Consent Receipt (In Progress)
Submitted by: Mark Lizar
The goal of this scenario is to create a specification for a receipt schema and a demonstrator; creating, providing and using a minimum viable consent receipt.
Initial Audience
- Open Notice & Kantara Community
- The Usable Privacy Project
- Mozilla
- Internet Society
Background
Economic Performance of Consent:
A commercial receipt you received at point of purchase has many uses, it can be submitted to a third party, either to show a budget and costs, or to report on what was purchased and for how much. It is a great tool for reducing friction, saves time, money. Like a commercial receipt, consents can also be submitted to a third party, it can be compared, counted, and like purchasing preferences, consent preferences can also be collected. In this way a receipt and preferences can be used with third parties like a token to access other services.
Experience of Consent
Hypothesis: Better managed consent preferences and policy will result in better user experience, transparency, privacy and security.
Governance of Consent:
A receipt can also be used as a tool for governance, for instance, the Tax authorities can use a commercial receipt to check and see if the sales are hidden, the purchaser can use a receipt to be sure of the cost of goods and compare the change provided against the price advertised or currency provided to make sure of compliance.
Objective
Specify the existing fields for a consent transaction receipt and list them as a basic template for consent receipts. (Note: This entails formally defined attributes, published and open for comment.)
Develop scenario covering the life cycle (Pre-consent, Consent, Post-Consent) of a minimum viable consent receipt for building a demonstrator. This would involve
- Part 1: Create a consent receipt generator, embed code and publish legal.txt --> Common Terms, Legal.TXT
- Part 2: Create a consent receipt button and provision a consent to a service user
- Part3: Service user, uses the receipt post consent to improve user experience and compare policies.
The demonstrator includes 3 parts (or a stages of the lifecyle), 1. Pre-Consent, 2. Consent 3. Post-Consent
- Pre-Consent
- a website form for a company to generate a legal.txt file
- Publishing legal.txt
- An embed code is created for company to put behind their consent buttons on the website
- Consent
- A service user selects the consent '+ receipt' option to collect a receipt
- The id used by the service user to provision consent is used to send the receipt.
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- this could be social login, email, etc
- the receipt is then accepted and stored by the digital identity being used for the consent
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- The id used by the service user to provision consent is used to send the receipt.
- A service user selects the consent '+ receipt' option to collect a receipt
- Post - Consent
- TOSSOS - Receipts are used to compare policy changes using TOSSOS
- TOS;Dr - Receipts are used to look up TOS;Dr rating
- Out of Scope
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
- Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
Use Case: Demonstrator Scenario 1, Part 1: Pre-Consent (In Progress)
Submitted by: Mark Lizar
The primary focus is to create the first legal.txt (which I think at the time of this writing is already done) and develop a process for an organisation to distribute a consent receipt.
Scope of Work for Stage 1
- Focus first on creating a minimum viable consent receipt schema and using this as the schema for the legal.txt file
- Create webpage with Minimum Viable Consent Form
- Create Legal.txt
- Publish Legal.TXT
- Generate Embed Code for Consent to be used by other organisations
- Optional
- Create a Common Terms option to layer policies for different consent context. e.g. mobile phone, physical location, online service
- Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create certified data sets
- link existing policies to layered notice
Wireframe illustration
Scenario 1 Part 1 - Site Map
Scenario 1 Part 1 A - Create Legal.txt
- Scenario 1 Part 1: B - Publish Legal.TX
- Optional - look into publishing with multiple methods
Scenario 1 Part 1: C --> Create Embed Code for Consent to be used by other organisations
The Embed Code is the consent receipt schema. At the point of consent a snap shot of the consent is captured and sent to the consent provisioner.
- Notes:
- Exploring a Common Terms approach and layering policies for different consent context. e.g. mobile phone, physical location, online service
- use existing standards and best practices
- Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create context specific consent receipts.
- link existing policies to layered notice
- Exploring a Common Terms approach and layering policies for different consent context. e.g. mobile phone, physical location, online service
- Discussion Needed:
- Publishing,
- where should legal.txt be published? (multiple places?)
- What ID should be used,how will people receive/store and use their receipts?
- Publishing,
Use Case: Demonstrator Scenario 1, Part 2: Consent (Pending)
When a consent is provisioned using the consent option/button
- a receipt is generated at the point of consent, the identity used to provision the consent is used to deliver the consent receipt
- Consent
- The org, who has generated a LEGALS.TXT and embed code, cuts and pastes the code, which links to the LEGALS.TXT, file and adds it to the code in the current consent option that exists on the website.
- We can generate three different types of buttons. (I agree button, Check box opt-in, I have read and understand terms and service - but with the receipt option)
- A service user selects the consent '+ receipt' option to collect a receipt
- The id used by the service user to provision consent is used to send the receipt.
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- this could be social login, email, etc
- the receipt is then accepted and stored by the digital identity of choice
- With no pre arranged application, a modal box will appear asking for selection of identifier to use with the receipt
- The id used by the service user to provision consent is used to send the receipt.
- Including Data in the Receipt for the recipient
- This should include all reasonable elements that can be captured at that point and provided in a receipt format.
- DNT Header, URI links for privacy or terms, IP Addresses, (full list is pending). As well as a counter.
- This should include all reasonable elements that can be captured at that point and provided in a receipt format.
- The org, who has generated a LEGALS.TXT and embed code, cuts and pastes the code, which links to the LEGALS.TXT, file and adds it to the code in the current consent option that exists on the website.
Scenario 1: Part 2
Scenario 1: Part 2: A
Scenario 1: Part 2 : B -Digital Identity
Scenario 1 Part 2: C
Scenario 1 Part 2:: D - Consent Receipt View
Scenario 1 Part 2: Consent Summary (on Aggregate) View : (Note this is currently out of scope of this Scenario)
Use Case: Demonstrator Scenario 1, Part 3: Post-Consent (Pending)
- Post - Consent
- TOSSOS - Receipts are used to compare policy changes using TOSSOS
- TOS;Dr - Receipts are used to look up TOS;Dr rating
- Out of Scope
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
- Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)
- Browser Plugin - Receipts are captured and used automatically to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience.
Scenario 1; Part 3 Wire Frames - (in Progress Through Stage 1 & 2)
Issue: unique-title
(Provide technical commentary on the issues brought up by this use case.)
Change History
| Version | Date | Comment |
|---|---|---|
| Current Version (v. 22) | Dec 05, 2013 08:47 | Mark Lizar |
| v. 38 | Aug 27, 2017 13:52 | Former user |
| v. 37 | Sept 11, 2014 22:32 | Mark Lizar |
| v. 36 | Sept 11, 2014 22:31 | Mark Lizar |
| v. 35 | Sept 11, 2014 21:15 | Mark Lizar |
| v. 34 | Sept 11, 2014 18:32 | Mark Lizar |
| v. 33 | Sept 10, 2014 12:20 | Mark Lizar |
| v. 32 | Aug 10, 2014 11:18 | Mark Lizar |
| v. 31 | Aug 10, 2014 10:59 | Mark Lizar |
| v. 30 | Aug 07, 2014 11:48 | Mark Lizar |
| v. 29 | Aug 07, 2014 11:04 | Mark Lizar |
| v. 28 | Dec 18, 2013 21:16 | Mark Lizar |
| v. 27 | Dec 18, 2013 21:15 | Mark Lizar |
| v. 26 | Dec 05, 2013 11:21 |
Mark Lizar Migration of unmigrated content due to installation of a new plugin |
| v. 25 | Dec 05, 2013 11:21 |
Mark Lizar Migration of unmigrated content due to installation of a new plugin |
| v. 24 | Dec 05, 2013 11:21 | Mark Lizar |
| v. 23 | Dec 05, 2013 11:21 | Mark Lizar |
| v. 22 | Dec 05, 2013 08:47 | Mark Lizar |
| v. 21 | Dec 04, 2013 23:16 | Mark Lizar |
| v. 20 | Dec 04, 2013 22:16 | Mark Lizar |
| v. 19 | Dec 04, 2013 22:01 | Mark Lizar |
| v. 18 | Dec 03, 2013 10:29 | Mark Lizar |
| v. 17 | Dec 03, 2013 10:22 | Mark Lizar |
| v. 16 | Dec 02, 2013 20:23 | Mark Lizar |
| v. 15 | Dec 01, 2013 15:33 | Mark Lizar |
| v. 14 | Dec 01, 2013 14:18 | Mark Lizar |
| v. 13 | Dec 01, 2013 13:45 | Mark Lizar |
| v. 12 | Dec 01, 2013 11:20 | Mark Lizar |
| v. 11 | Dec 01, 2013 10:22 | Mark Lizar |
| v. 10 | Dec 01, 2013 10:18 | Mark Lizar |
| v. 9 | Dec 01, 2013 10:17 | Mark Lizar |
| v. 8 | Nov 30, 2013 12:32 | Mark Lizar |
| v. 7 | Nov 30, 2013 12:26 | Mark Lizar |
| v. 6 | Nov 30, 2013 12:14 | Mark Lizar |
| v. 5 | Nov 30, 2013 12:03 | Mark Lizar |
| v. 4 | Nov 30, 2013 10:41 | Mark Lizar |
| v. 3 | Nov 29, 2013 21:49 | Mark Lizar |
| v. 2 | Nov 29, 2013 21:43 | Mark Lizar |
| v. 1 | Nov 29, 2013 19:01 | Mark Lizar |