MVCR: CISWG Join Form - Consent Receipt Button - Draft
Join From Consent Receipt Button
Author
Mark & WG
Editor
Oliver
Introductions
Â
This use case is dog food and a test for the consent receipt generator
 Consent Receipt MVCR Overview Diagram.png
Walk Through
Â
Alice wants to join the  CIS - Work Group
Alice clicks the join link from the CIS-Wiki,
Alice Arrives at the Consent Enhanced Form
The only difference, is when Alice clicks on submit,
user clicks options and agree’s to form
The consent receipt is rendered to the webpage
An option to download and email the consent receipt appears
in the receipt is a link to change preferences to withdraw consent
Â
Implementation Guidance
Administrator -creates API request, should take into account a few aspects.
CRG-Web-Sequence Diagram.png
To make this a two-party system, Kantara would simply need to generate and sign the receipt itself instead of relying on a third party. There’s nothing in the technology or protocol here that would require a third party service, that’s just how we’re developing it for the demonstration site, so I would recommend that the working group not get hung up on that detail.
 — Justin
[[ web sequence diagram source for future reference:
title Consent Receipt Generator
participant "Alice's Browser" as a
participant "consentreceipts.org" as c
participant "kantarainitiative.org" as k
opt Optional setup, happens before Alice shows up
c->k: download consent receipt\nbutton and renderer javascript
k->k: configure consent receipt\nbutton with local parameters
end
a->k: request consent-requiring action
k->a: return consent-receipt button page
a->a: render consent preview\n(no issuer, timestamp, or signature)
a->a: click "I Consent"
a->c: POST to consent generator API\nwith terms included in configured button
c->a: return signed JWT consent receipt
a->a: render signed consent receipt HTML
a->a: download signed consent receipt JWT
a->k: POST signed consent receipt JWT
k->k: validate receipt issuer and signature
k->k: store copy of receipt
k->a: acknowledge receipt of receipt