camaraproject / IdentityAndConsentManagement

Repository to describe, develop, document and test the Identity And Consent Management for CAMARA APIs
Apache License 2.0

Implement a Future-Proof Dynamic, Geolocation-Based User Consent Mechanism Compliant with Global Privacy Regulations #84

Closed nickvenezia closed 1 month ago

nickvenezia commented 8 months ago

Implement a Future-Proof Dynamic, Geolocation-Based User Consent & Measurement Mechanism Compliant with Global Privacy Regulations

Objective:

The goal is to create a compliant framework for user consent that dynamically adapts to privacy regulations based on user geolocation. This solution should integrate seamlessly with existing security schemas.

Rationale:

As privacy laws evolve globally, it’s imperative that our system remains flexible enough to adapt to new requirements on a country-by-country and state-by-state basis. Implementing a robust, foundational layer now will mitigate the risk of accruing technical and compliance issues in the future.

Technical Specifications:

•   Integration: The solution should integrate smoothly with our existing security schema without causing disruptions or requiring significant modifications.
•   Standardization: Focus on standardizing the scopes of consent in a manner consistent with industry best practices.
•   OpenID Connect: Incorporate “user-consent” as an additional security scheme within OpenID Connect, aligned with current community guidelines and recommendations.

Deliverables:

1.  Architectural design document detailing the mechanism for dynamic consent adaptation.
2.  Code implementation of the new user consent framework.
3.  Test cases to ensure robustness and compliance with various privacy laws.
4.  Documentation on how to integrate the new consent mechanism into existing systems.

Success Metrics:

•   High adaptability to new privacy regulations without requiring code changes.
•   Zero compliance issues in a span of 12 months post-implementation.
•   Seamless integration with existing security schemas.

Timeline:

•   Architectural Design: 2 Weeks
•   Development: 6 Weeks
•   Testing and QA: 3 Weeks
•   Documentation and Roll-out: 1 Week

Ask:

We’re looking for contributions and feedback to make this initiative successful. Thank you for your engagement and support.

hdamker commented 7 months ago

@nickvenezia as discussed within TSC Nov 16th this issue will be transferred to https://github.com/camaraproject/IdentityAndConsentManagement/ as you are already in discussion with them.