User Consent in the Age of Attributes - Part 2

In a previous blog post on user consent, I had created a mock-up of a consent UI as a thought exercise.  But I’ve always been on the lookout for what has been shown to work effectively in an operational setting. In this blog post, I wanted to highlight the consent dialog that is in production use by the WAYF federation hub

As I mentioned in my previous blog post, WAYF made the decision to implement a centralized consent service that does not store PII. David Simonsen, with the WAYF Secretariat, has a video highlighting their “informed consent” capability (think opt-in + adequate notice) that they have put in place and the rationale behind it.

A UI mockup of their consent dialog is:

What I really appreciate about this is that the simplicity of the UI is a result of several years of discussion and development with both usability and privacy experts, fine tuned with operational feedback from IDPs, SPs and end users.

I would be interested in how other federation hubs/brokers have implemented consent and the lessons learned (technical, UI and UX) from that experience.

UPDATE (2/6/13): WAYF has released a white paper on their implementation of consent dialogues and consent management system (PDF)

RELATED INFO

• How WAYF implements informed consent for attribute release without storing PII
• White paper on consent dialogues and management system implemented by WAYF (PDF)
• User Consent in the Age of Attributes
• WAYF - Consent
• Fair Information Practice Principles (FIPPs)