
A Rough Consensus is emerging on the characteristics for a consent mechanism to satisfy a diverse set of legal requirements, be effective for end-users, and foster an Internet-scale infrastructure to support it. These items are consumed by the IdP operator and/or by the end-user.

One statement of the set of requirements - Scalable Consent Requirements.pdf

 

They include:

  • trustmarks - e.g. R&S, CoC, IDESG
  • notification and consent suppression options
  • icons to represent either the SP or the IdP or both
  • required and optional attributes
  • informed consent informational dialogues
  • third party reuse and other privacy policy information

A variety of mechanisms are anticipated to provide this information:

  • SAML end-entity, generally acting as trustmarks, particularly for dynamic information
  • Well-known URIs where policies and more static information might reside
  • Resolvable attributes, where the information is obtained directly through resolving the attribute name or value
  • Others

 

Internal sources of the information could include local configuration options (e.g. notification options) as well as supporting the above information for local applications.

External sources may provide the above information for federated applications.

 
