Multi user consent

[nitsoni]

There can be cases where the DP needs the consent from multiple parties to execute the request. like in case of a joint account of user A and B.

[nitsoni]

Taking an use case -
User A and B have a joint account J with a bank who is the DP.
DC requests a some data type with user A who is willing to take some service with DC. A shares his CM-id to DC.

suggested flow 1 - (user B is not knowing this at the time of taking service)

1. A gives the consent to DC and DP via his DC.
2. DP cant share the data unless B also provides the consent.
3. DP fwds the consent request to CM of user B if account is linked else flow ends here and data cant be shared.
4. user B shares his consent.
5. DP is ready to share the data if consent given.

suggested flow 2 - (user B also knows about the service being taken)

1. user A shares his and user Bs cm-id to the DC.
2. DC sends the consent request to both users.
3. both users give/deny consent.
4. DP shares data based on consent from both users.

issues in this approach -

1. user will have to make decision before hand on which DP will be selected.
2. The dp selected may or may not require a multi consent for the request.

suggested flow 3 - (cm takes the reasonability of fwd the request to other user)

1. user A shared his cm-id to DC.
2. DC places a request to cm.
3. user A selects the DP and account (which requires multi consent)
4. user A gives consent.
5. DP response back to CM that "consent insufficient" . May or may not give the other user who is required to give the consent.
6. CM of A fwd the consent request to cm of B. cm-id of B is captured by cm of A or returned by the DP.
7. user B gives the consent.
8. Data is shared by DP.