Re: [Txauth] User consent

Dick Hardt <> Fri, 10 July 2020 18:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8AD723A08B6 for <>; Fri, 10 Jul 2020 11:52:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.468
X-Spam-Status: No, score=-0.468 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eQ8V3tvr5q5n for <>; Fri, 10 Jul 2020 11:52:19 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CCB2F3A0884 for <>; Fri, 10 Jul 2020 11:52:18 -0700 (PDT)
Received: by with SMTP id y18so3764521lfh.11 for <>; Fri, 10 Jul 2020 11:52:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jcuFtTbIMfkdG7hJGN1he+sk6aWctuEpRg0P5Pu2FLc=; b=IfNNo5+1Q2hLj8fvi8qfOrYQqxDPk6B5x/rxdil6XBil6O7OShZ1z7OtZ7Cw78sgPh a2sL0gxb5vaqi9/a/ErMdM/TX51z4lsugnMjECQHtFlyCJUhKQ5SqzpJOB2WywmrhQrs 4oyC14yavSRk/Iu18iacEo6CZCRJ+cLp3qfwL9l0aVHb7YI2eBUoWFtyQpSYIekq9d0n AAGPmwWZMrE9ieq+3Q5BB5/JjeRBpwrkNBtdlnjqrq0o1KqQgcc+uGUUK1EMw5PcFd1H jzYMzf0u4EoT9l6N4ycwLJR9QNfMevq+zSVOvGeI1frhAsibaVYBwwwoa7tTT40kDcm2 sfcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jcuFtTbIMfkdG7hJGN1he+sk6aWctuEpRg0P5Pu2FLc=; b=WJY5zR2XSOwEsbQRCbB+e0E8e/aaN/N8WdKaC+vCzOdsOjg2/VG1AP0vbZ15NMRbYJ sTgR+TQTdOZusfJwo17MhQZDG4NPjqQjlPmTbDYFim6Rw/DLQ7xutrMDW1G+kZkv1fJ5 DlKtBAeQCWasLmMguMVq3Bghja4i7EmpIIVjKuso9SFy9ZT+4sLkW4tVX+8vquJBeKT/ oaKesdPapZqBk0MfvMWHFIQeSMfzbaKkPNVqRkKhae9Awd9pZILAS1+2jIy+y/MhQaFZ R7kxSY0mIY0x/7YTrB3v8OKKbP/twrmfxmHW9uRtsgZwcEauRzb3bTGGQOg1qglW3deQ eOLQ==
X-Gm-Message-State: AOAM530JjlI0WGNLas6h7EjjJ2Vh/vW0XEV0GuORXjYPm3rlQy1C0I7m cKSsMmlC56fqsSLR6zNF7/07iGmBf/T5hmJGYQVAmQH3
X-Google-Smtp-Source: ABdhPJzZbYEQqOsT0WLWJQi/bRyylGpN8L2THzsE8xjFJzvvuLyz0EFN4scZU8FTN46dK9EcyLuIkCLNvEb9fhR7uI0=
X-Received: by 2002:a19:4143:: with SMTP id o64mr43903871lfa.157.1594407136935; Fri, 10 Jul 2020 11:52:16 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Dick Hardt <>
Date: Fri, 10 Jul 2020 11:51:40 -0700
Message-ID: <>
To: Tom Jones <>
Content-Type: multipart/alternative; boundary="00000000000006434605aa1ad72c"
Archived-At: <>
Subject: Re: [Txauth] User consent
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 10 Jul 2020 18:52:26 -0000

Hey Tom

As you know, consent is currently gathered by a user experience between the
user and the party needing consent.

I think a machine readable consent artifact is interesting, but it does not
appear to be in the groups charter at this time. Do you know of any other
bodies working no this?


On Fri, Jul 10, 2020 at 11:43 AM Tom Jones <>

> Dick said:
> From a privacy perspective in non-enterprise use cases, I think the user
> should give consent to any updated personal information to a client. In
> general, the client should not be able to get the latest information about
> a user whenever it wants.
> My statement about user consent from kantara perspective:
> The above statement is not machine proccessible. This can only be fixed if
> the as or rs knows what the user consented to. One element of consent needs
> to be the expiration time. Could this group create the minimum viable
> consent?
> U
> thx ..Tom (mobile)
> --
> Txauth mailing list