Consent given to Agents with the necessary credentials

[dimi-schepers]

Most authentication systems are bound to specific individuals (or organisations). Credential consents (e.g., every nurse has consent to access my blood group information) are also important, however. There are two approaches for this:

• The first approach is role-based, e.g. every nurse/doctor/etc.
• A second approach is credential-based, e.g. every legally registered healthcare practitioner.

During the workshop dd. 2021-09-23, the credential-based approach was generally preferred. The Core Criterion and Core Evidence Vocabulary and W3C’s Verifiable Credentials could perhaps serve as modelling suggestions.

[michaelgeamanu]

Digitaal Vlaanderen proposes to use the CCCEV data model which is a European standard for organisations to set the requirements of a certain service. It helps to standardise the wide possibilities of contexts for which a consent could be needed.

CCCEV contains two basic and complementary core concepts:

1. the Requirement, a broad notion encompassing all forms of requests for information, that is often, but not necessarily, made with the objective to use it as a basis for making a judgement or decision; and
2. the Evidence, the data proving or disproving that a specific Requirement is met by someone or something, and thus has been fulfilled.