Interoperable Consent Management
Session Topic: Interoperable Consent Management
Tuesday 1C
Convener: Steve Greenberg
Notes-taker: Eve Maler
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Interesting efforts going on:
Authentication and Authorization in Constrained Environments (ACE): IETF working group
XDI Link Constraints: OASIS technical committee
User-Managed Access (UMA): Kantara work group
KRL: technology platform from Phil Windley
OAuth: IETF standard/working group
Open Mustard Seed: effort
ID Data Web: company
Where Are You From (WAYF): federation
Consent Receipt: draft spec from Kantara Consent and Information Sharing work group
Identity Broker: product from UnboundID
Open Digital Rights Language (ODRL): W3C standard
Health Level 7 (HL7): health standard
SBVL: standard business (something) language?
Extensible Access Control Markup Language (XACML): OASIS standard/technical committee
Platform for Privacy Preferences (P3P): (failed) W3C standard
Capabilities: security concept that is an alternative to ACL-style access control
What's needed: common semantics and useful translations around: 1) identity, 2) data, 3) permissions, and 4) transactions.
Some themes to consider:
Consent versioning
Alice-to-Alice (app-to-app) vs. Alice-to-other-party
Synchronous (during access attempt) vs. asynchronous (before access attempt and after access attempt)