Anil John | Blog

On Architecture, Digital Security, Privacy, ...

User Consent in the Age of Attributes - Part 2

By on | Comments

In a previous blog post on user consent, I had created a mock-up of a consent UI as a thought exercise.  But I've always been on the lookout for what has been shown to work effectively in an operational setting. In this blog post, I wanted to highlight the consent dialog that is in production use by the WAYF federation hub

As I mentioned in my previous blog post, WAYF made the decision to implement a centralized consent service that does not store PII. David Simonsen, with the WAYF Secretariat, has a video highlighting their "informed consent" capability (think opt-in + adequate notice) that they have put in place and the rationale behind it.

A UI mockup of their consent dialog is:

WAYF Consent UI

What I really appreciate about this is that the simplicity of the UI is a result of several years of discussion and development with both usability and privacy experts, fine tuned with operational feedback from IDPs, SPs and end users.

I would be interested in how other federation hubs/brokers have implemented consent and the lessons learned (technical, UI and UX) from that experience.

UPDATE (2/6/13): WAYF has released a white paper on their implementation of consent dialogues and consent management system (PDF)


Topic: |

Anil John

I write about architecture, digital security, privacy and more ...

Subscribe by RSS
Subscribe by Email
Privacy Guarantee: I will never share your e-mail address with anyone else.

The entries in my blog are solely my opinions and do not represent the thoughts, intentions, plans or strategies of any third party, including my employer.

Archive of all Blog Posts

Recent Posts