Toward End-User Consent at Internet Scale
Scalable Consent is an initiative to develop a framework, and working code, in support of effective and informed end-user consent at Internet scale. The intent is to support fine-grained, revocable, informed, and well managed consent services that will allow both user and organization to control the release of their attributes to relying parties throughout an identity ecosystem. The work was catalyzed by an NSTIC grant from NIST, and is being enhanced and maintained by the TIER activity within Internet2.
The deliverables include:
- an architectural model and APIs associated with each flow and component within the model
- working code, both as a standalone service and embedded within a Shibboleth IdP, that implements scalable consent across a variety of protocols, including SAML,OIDC, OAuth, etc.
- a next-gen UI that allows the user to manage their attribute release in an informed and effective manner
- API's and sample connectors that deliver the information for informed consent - services such as RP identification, minimal and optional attributes, information dialogues, histories of prior and similar releases, etc.
- enterprise management services to help an organization deploy and management attribute release that integrates both end-user and institutional policies.
- planning documents, discussion materials, and inter-institutional communications to facilitate deployments
The work is intended to help foster an open and interoperable identity ecosystem. Goals include identity portability, improved support for accessibility, and consent that is usable and privacy preserving. All the specifications and code will be open-source.
Mailing Lists
Information on the EU General Data Protection Regulation (GDPR) - The GDPR has significant impacts on the appropriate use of consent. See the following General Data Protection Regulation (GDPR) and Safer Harbor
Information on Privacy and Consent from the UK ICO - UK Information Resources
Draft on EU Privacy Code of Conduct - http://www.bbc.com/news/science-environment-35524440 and DraftmHealthCodeofConduct.pdf
Scalable Consent Demo - The PrivacyLens demo site at https://work.iamtestbed.internet2.edu/drupal/ shows the capabilities of PrivacyLens. In addition it illustrates how PL and fine-grain attribute release is a key step towards scalable access control with privacy and security. In addition to the real-time demo site, there are a set of annotated slides at https://work.iamtestbed.internet2.edu/confluence/display/YCW/Demonstration+Slides.
Architectural Information
Current use cases - https://docs.google.com/document/d/1ilm3temB7rEwYZ_SmH-Ig5IpG9Fq9BDmKLBRAyfaoGQ/edit?usp=sharing
Requirements Connected To Use Cases
https://docs.google.com/document/d/14Q7uM8dt8eA1vVmLhFsnrIKmBdravDvjLdjAWxXuEdM/edit?usp=sharing
Current architectural model basic model 6.1.16.pdf
Working in a consistent fashion across multiple protocols. Working with multiple protocols
PrivacyLens - a next-gen UI - https://wiki.larpp.internet2.edu/confluence/display/LARPP/PrivacyLens+Home
"Informed Content" management - Information and Metadata Management in support of informed consent - Informed Consent Support and Metadata
The previous LARPP site https://wiki.larpp.internet2.edu/confluence/display/LARPP/LARPP+Home
Work described is supported in part by the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office and the National Institute of Standards and Technology (NIST). The views in this presentation do not necessarily reflect the official policies of the NIST or NSTIC, nor does mention by trade names, commercial practices, or organizations imply endorsement by the U.S. Government.