-
Notifications
You must be signed in to change notification settings - Fork 3
Issue consent
osancus edited this page Jun 25, 2020
·
1 revision
MyData Agency allows the identity holder to issue authenticated, self-signed consents to organizations and other individual identity holders. Using the issued consent credential, the receiving party can prove that they have received an explicit consent (or signed agreement) to retrieve and use the personal data.
Consents are issued to the organizational identity holder's agent. The agent then relays the incoming consent information through the webhooks to the enterprise workflow management system. The enterprise business logic uses the received consent to exchange it into a disposable access token used to access the data APIs.
In the consent issuance, the following information is provided:
- Connection, to whom the consent is issued to
- Service to which the consent applies to
- Connection information to Data API
- External authorized entities (e.g. organization's Active Directory groups affected by the consent – provided by the connection)
- Issuer's authentication credentials
- Dependent's authentication credentials (e.g. if issuer acts as a guardian)