-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Management of opt-out with Implicit consent (legitimate Interest) #138
Comments
How about this sequence?
|
Hi @AxelNennker, not sure to understand the goal of your sequence. You would like to get another way to manage the implicit consent with opt-out, different from the other way to collect consent ? |
@sebdewet In the past, it has been raised that since the consent check is done within the unauthenticated auth code stage of the Authorisation Code flow, if an error is returned to /authorize request, it would be possible to find out whether the user had consented to an operation or even had ever accessed another app. That would constitute PII leakage. From Telefónica, we are fine to revisit the documented flow and consider your proposed evolution to include an error in the /authorize response when consent is not provided by the user, when it is provided (opt-in) but then revoked (opt-out), or in the case of, as you suggest, an implicit consent scenario (such as legitimate interest), when consent is then revoked by the user (opt-out). And to address potential PII leakage and protect the "/authorize" endpoint, we suggest using RFC9101, as we also proposed in #128 (comment) |
@sebdewet et all, any feedback on the above proposal? This is one of the issues we need to address as part of the Fall24 meta-release. If you like, and if it helps, I could incorporate the suggested changes into the flow. Would that be ok with you to resolve this issue? But we should also discuss whether we need the support of RFC9101 to cover the potential PII leakage scenario reported by Vonage in the past. The decision to support of RFC9101 is also related to Issue #128. |
I thought that we would have to resolve first the #128 before discussing about this subject ? |
…error Auth code flow update to fix Issue #138
Problem description
In the "CAMARA APIs access and user consent management" documentation, only two scenarios are discussed on consent management:
• Scenario 1: User consent is not required or consent is already given (Step 7).
• Scenario 2: Consent is required and not yet provided by user (Step 8)
Note that for performance and environment reasons (Orange is internally challenged on environmental topics), Orange France currently manages the "error": "access_denied", at the /authorize level and not the /token. Having the client_id, the scope and the redirect_uri seemed enough to secure this access.
Possible evolution
We would like to add the scenario of consent being revoked in order to standardize behaviour.
It would seem that the scenario of a consent refused when collecting consent is presented on flow 12, but is not detailed in the explanatory text below the sequence diagram (besides the numbers of the stages do not correspond to those of the diagram)
Here is a simplified sequence diagram on consent management on flows 8 to 12 under implied consent with opt-out (see uml diagram)
The text was updated successfully, but these errors were encountered: