Skip to content

Issue consent

Jump to bottom
osancus edited this page Jun 25, 2020 · 1 revision

MyData Agency allows the identity holder to issue authenticated, self-signed consents to organizations and other individual identity holders. Using the issued consent credential, the receiving party can prove that they have received an explicit consent (or signed agreement) to retrieve and use the personal data.

Consents are issued to the organizational identity holder's agent. The agent then relays the incoming consent information through the webhooks to the enterprise workflow management system. The enterprise business logic uses the received consent to exchange it into a disposable access token used to access the data APIs.

In the consent issuance, the following information is provided:

  • Connection, to whom the consent is issued to
  • Service to which the consent applies to
  • Connection information to Data API
  • External authorized entities (e.g. organization's Active Directory groups affected by the consent – provided by the connection)
  • Issuer's authentication credentials
  • Dependent's authentication credentials (e.g. if issuer acts as a guardian)

Consents Issue_consent

Clone this wiki locally