ietf-wg-gnap / gnap-core-protocol

143 stars 26 forks source link

User consent is not supported #283

Closed Denisthemalice closed 3 years ago

Denisthemalice commented 3 years ago

Page 56 states:

The authorization and consent gathering process in GNAP is left deliberately flexible to allow for a wide variety of different deployments, interactions, and methodologies. In this process, the AS can gather consent from the RO as necessitated by the access that has been requested.

The wording “user consent” is being used in the document, but is unrelated to the consent from the user but is related to the consent of the RO !

This issue about "User choice and consent, and user notice" is still open under issue #215:

smartopain wrote:

To draw a parallel: Since the publication of the EU GDPR (General Data Protection Regulation) the use of the cookies has changed. An end-user is allowed to accept them all, to deny them all (except functional cookies) and even to make some choices.

The end-users can know which legal entity will collect the cookies and what for.

The same kind of screens should be proposed to the end-user.

From a technical perspective, specific end-points should be defined and used, since this kind of dialog is done using APIs.

I fully agree.

jricher commented 3 years ago

Please do not copy other issues.

Closing as duplicate.