OpenBankingToolkit / cdr-standards-application-services

ForgeRock Consumer Data Right Standards Application Services is an example of how you can bundle all the micro-services together to create a CDR eco-system.

Only one extant consent arrangement (being an arrangement between a single Customer, a single Data Recipient and a single Data Holder) at a time #12

Open benjefferies opened 4 years ago

benjefferies commented 4 years ago

Description

Consent requirements will be communicated between the Data Recipient and Data Holder via the authorisation request object. The primary mechanism for capturing consent will be scopes and claims under [OIDC].

Other patterns for the establishment of consent may be considered in the future, including the incorporation of fine-grained consent for specific use cases.

A data holder MUST support only one extant consent arrangement (being an arrangement between a single Customer, a single Data Recipient and a single Data Holder) at a time. If a second consent is authorised then the tokens associated with the previous consent MUST be revoked.

Acceptance criteria
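
The rule quoted in the description, as an added Python example that is not part of the issue or of this repository's code. `ConsentRegistry` and its method names are hypothetical; it assumes a single data holder, in-memory state, and opaque tokens checked by lookup.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Consent:
    consent_id: str
    scopes: frozenset
    tokens: set = field(default_factory=set)
    revoked: bool = False

class ConsentRegistry:
    """Hypothetical store: one extant consent per (customer, data recipient)
    at a single data holder."""

    def __init__(self):
        self._extant = {}    # (customer_id, recipient_id) -> Consent
        self._by_token = {}  # token -> Consent

    def authorise(self, customer_id, recipient_id, scopes):
        """Record a newly authorised consent and revoke the one it supersedes."""
        key = (customer_id, recipient_id)
        previous = self._extant.get(key)
        if previous is not None:
            self._revoke(previous)
        # Assumption: single-threaded. A persistent store would have to make
        # the revoke-and-replace one transaction so two consents never coexist.
        consent = Consent(secrets.token_hex(8), frozenset(scopes))
        self._extant[key] = consent
        return consent

    def issue_token(self, consent):
        """Mint a token bound to a consent; refuse if it was superseded."""
        if consent.revoked:
            raise PermissionError("consent has been superseded")
        token = secrets.token_urlsafe(16)
        consent.tokens.add(token)
        self._by_token[token] = consent
        return token

    def is_active(self, token):
        """Introspection-style check to run before serving data."""
        consent = self._by_token.get(token)
        return consent is not None and not consent.revoked

    def _revoke(self, consent):
        """Mark the consent revoked and drop every token bound to it."""
        consent.revoked = True
        for token in consent.tokens:
            self._by_token.pop(token, None)
        consent.tokens.clear()
```

The key deliberately includes the data recipient, so a second consent for the same customer with a different recipient leaves the first recipient's tokens untouched.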