In a previous blog post on user consent, I had created a mock-up of a consent UI as a thought exercise. But I've always been on the lookout for what has been shown to work effectively in an operational setting. In this blog post, I wanted to highlight the consent dialog that is in production use by the WAYF federation hub
As I mentioned in my previous blog post, WAYF made the decision to implement a centralized consent service that does not store PII. David Simonsen, with the WAYF Secretariat, has a video highlighting their "informed consent" capability (think opt-in + adequate notice) that they have put in place and the rationale behind it.
A UI mockup of their consent dialog is:
What I really appreciate about this is that the simplicity of the UI is a result of several years of discussion and development with both usability and privacy experts, fine tuned with operational feedback from IDPs, SPs and end users.
I would be interested in how other federation hubs/brokers have implemented consent and the lessons learned (technical, UI and UX) from that experience.
UPDATE (2/6/13): WAYF has released a white paper on their implementation of consent dialogues and consent management system (PDF)
- How WAYF implements informed consent for attribute release without storing PII
- White paper on consent dialogues and management system implemented by WAYF (PDF)
- User Consent in the Age of Attributes
- WAYF - Consent
- Fair Information Practice Principles (FIPPs)
This blog post first appeared on Anil John | Blog (http://blog.aniljohn.com). These are solely my opinions and do not represent the thoughts, intentions, plans or strategies of any third party, including my employer.