The authorization and consent gathering process in GNAP is left deliberately flexible to allow for a wide variety of different deployments, interactions, and methodologies. In this process, the AS can gather consent from the RO as necessitated by the access that has been requested.
The wording “user consent” is being used in the document, but is unrelated to the consent from the user
but is related to the consent of the RO !
This issue about "User choice and consent, and user notice" is still open under issue #215:
smartopain wrote:
To draw a parallel: Since the publication of the EU GDPR (General Data Protection Regulation) the use of the cookies has changed.
An end-user is allowed to accept them all, to deny them all (except functional cookies) and even to make some choices.
The end-users can know which legal entity will collect the cookies and what for.
The same kind of screens should be proposed to the end-user.
From a technical perspective, specific end-points should be defined and used, since this kind of dialog is done using APIs.
Page 56 states:
The wording “user consent” is being used in the document, but is unrelated to the consent from the user but is related to the consent of the RO !
This issue about "User choice and consent, and user notice" is still open under issue #215:
smartopain wrote:
I fully agree.