Anil John
Making Digital Services Secure and Trustworthy

Anil John

User Consent in the Age of Attributes - Part 2

 Tweet  Share  Share  Comment  Print  Email

In a previous blog post on user consent, I had created a mock-up of a consent UI as a thought exercise.  But I've always been on the lookout for what has been shown to work effectively in an operational setting. In this blog post, I wanted to highlight the consent dialog that is in production use by the WAYF federation hub

As I mentioned in my previous blog post, WAYF made the decision to implement a centralized consent service that does not store PII. David Simonsen, with the WAYF Secretariat, has a video highlighting their "informed consent" capability (think opt-in + adequate notice) that they have put in place and the rationale behind it.

A UI mockup of their consent dialog is:

WAYF Consent UI

What I really appreciate about this is that the simplicity of the UI is a result of several years of discussion and development with both usability and privacy experts, fine tuned with operational feedback from IDPs, SPs and end users.

I would be interested in how other federation hubs/brokers have implemented consent and the lessons learned (technical, UI and UX) from that experience.

UPDATE (2/6/13): WAYF has released a white paper on their implementation of consent dialogues and consent management system (PDF)


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog ( The opinions expressed here are my own and do not represent my employer’s view in any way.

By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a digital security coach. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone