Hi,

We have started evaluating the effort of providing a UI in the Identity Server
dashboard for consent management and came across the following.

*GET /consents*

   - Need to return user friendly "Service Name" and "Service Description".
   - *purpose* object needs *purposeId*.
   - *piiCategory* object should contain *piiCategoryId* and
   *piiCategoryName*. Remove duplicated *piiCategory*.
      - Sample response is suggested as below.

      ...
      "purposes": [
              {
                "purpose": "string",
                "purposeId": "string",
                "purposeCategory": [
                  "string"
                ],
                "consentType": "string",
                "piiCategory": [
                  {
                    "piiCategoryName": "string",
                    "piiCategoryId": "string",
                    "validity": "string"
                  }
                ],
      ...

Also, I have observed that *piiCategory* is referred to as *piiCategory* and
*piiCategories* in different API responses. Is it the intended naming?

Thanks!
-Ayesha


On Thu, Feb 1, 2018 at 6:27 PM, Darshana Gunawardana <[email protected]>
wrote:

> On Thu, Feb 1, 2018 at 6:18 PM, Omindu Rathnaweera <[email protected]>
> wrote:
>
>> Hi Darshana,
>>
>> On Thu, Feb 1, 2018 at 5:42 PM, Darshana Gunawardana <[email protected]>
>> wrote:
>>
>>>
>>> On Thu, Feb 1, 2018 at 5:13 PM, Isura Karunaratne <[email protected]>
>>> wrote:
>>>
>>>> Hi Darshana,
>>>>
>>>> On Thu, Feb 1, 2018 at 3:39 PM, Darshana Gunawardana <[email protected]
>>>> > wrote:
>>>>
>>>>> Hi Isura,
>>>>>
>>>>> How are these consents handled with state changes of related entities?
>>>>>
>>>>> For example,
>>>>> > user delete
>>>>> > sp delete
>>>>>
>>>>> This should be handled through a user operation event listener or
>>>> event handler.
>>>>
>>>
>>> Yes. So are we going to have relevant implementations with this feature?
>>>
>>
>> As the API is not specific to a product these scenarios should be handled
>> as a part of integrating the feature to the product.  We will handle these
>> cases during the integration effort for product IS.
>>
>
> That makes sense.. +1 for the approach.
>
>>
>>
>>>
>>> Can there be any other cases similar to above?
>>>
>>
>> Apart from the above scenarios, user store removal and tenant
>> deactivation are 2 such cases. However, revoking consents for tenant
>> deactivation is something we have to think a bit more as we can reactivate
>> the tenants and once that is done, the consents will no longer be active.
>>
>>>
>>> Thanks,
>>>
>>>> Isura.
>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Wed, Jan 10, 2018 at 1:58 PM, Isura Karunaratne <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> On Wed, Jan 10, 2018 at 12:44 PM, Godwin Shrimal <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Isuru,
>>>>>>>
>>>>>>> Please see below few suggestions.
>>>>>>>
>>>>>>> 1. API name of the Purpose Category (/pcategories) is not readable.
>>>>>>> Why don't we use it as /*purpose-categories*?
>>>>>>> 2. What is /*category*/{purposeCategoryId} API? It shows API name
>>>>>>> as /*category*. I think it should be renamed as below (According to
>>>>>>> the suggestion in #1)
>>>>>>>  /*purpose-categories*/{purposeCategoryId}
>>>>>>>
>>>>>>> 3. Change API /piicategories as /*pii-categories* since pii and
>>>>>>> categories are two words.
>>>>>>> 4. Change API /piicategory/{piiCategoryId} as
>>>>>>> /*pii-categories*/{piiCategoryId}
>>>>>>>
>>>>>>
>>>>>> +1. Modified the definition according to the suggestions. [1]
>>>>>>
>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>
>>>>>> Thanks
>>>>>> Isura.
>>>>>>
>>>>>>>
>>>>>>> Thanks
>>>>>>> Godwin
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jan 10, 2018 at 1:54 PM, Isura Karunaratne <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Malithi / all,
>>>>>>>>
>>>>>>>> The updated API definition can be found in [1].
>>>>>>>>
>>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Isura.
>>>>>>>>
>>>>>>>> On Tue, Jan 9, 2018 at 10:46 PM, Malithi Edirisinghe <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> Noted below under revoke API definition
>>>>>>>>> /consents/user/{piiPrincipalId}/
>>>>>>>>>
>>>>>>>>> piiprincipalID seems to be a field of the consent object.
>>>>>>>>> Shouldn't this be defined over a filter from piiPrincipalId
>>>>>>>>> attribute?
>>>>>>>>>
>>>>>>>>> Same applies to below I think.
>>>>>>>>> /consents/service/{serviceId}/
>>>>>>>>>
>>>>>>>>> Moreover, add consents returns the consent receipt right. Or
>>>>>>>>> receipt is an embedded resource of the consent? Is there a
>>>>>>>>> specific reason to specifically mention the receipt as a separate
>>>>>>>>> resource when retrieving and revoking
>>>>>>>>> /consents/receipt/{receiptId}
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Malithi
>>>>>>>>>
>>>>>>>>> On Tue, Jan 9, 2018 at 4:57 PM, Rushmin Fernando <[email protected]
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> IMO we are exposing the internal implementation here.
>>>>>>>>>>
>>>>>>>>>> The reason why we use PUT is, the record is being updated with
>>>>>>>>>> the new state.
>>>>>>>>>>
>>>>>>>>>> But from the API users POV the consent is revoked and it doesn't
>>>>>>>>>> exist anymore.
>>>>>>>>>>
>>>>>>>>>> So I believe that we should go with DELETE.
>>>>>>>>>>
>>>>>>>>>> [1] and [2] are some examples.
>>>>>>>>>>
>>>>>>>>>> [1] - https://developer.github.com/v3/oauth_authorizations/#revoke-a-grant-for-an-application
>>>>>>>>>>
>>>>>>>>>> [2] - https://developers.facebook.com/docs/facebook-login/permissions/requesting-and-revoking
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Jan 9, 2018 at 2:23 PM, Godwin Shrimal <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Agree with Ruwan. Since we are updating an existing resource
>>>>>>>>>>> here, +1 to use PUT.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Godwin
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Jan 9, 2018 at 3:31 PM, Ruwan Abeykoon <[email protected]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:58 PM, Ishara Karunarathna <
>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> HI,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:51 PM, Omindu Rathnaweera <
>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Ishara/Ruwan/Godwin,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The revoke operation is an UPDATE in a DB level (changes the
>>>>>>>>>>>>>> state of the consent from APPROVED to REVOKED). We used a POST
>>>>>>>>>>>>>> for consent revocation following the convention we have in
>>>>>>>>>>>>>> oauth token revoke spec [1]. Would it still make sense to have
>>>>>>>>>>>>>> a DELETE for the revoke operation?
>>>>>>>>>>>>>>
>>>>>>>>>>>>> In this case you can't use DELETE operation since it does not
>>>>>>>>>>>>> delete the resource. Here you can use POST to revoke endpoint.
>>>>>>>>>>>>>
>>>>>>>>>>>> +1
>>>>>>>>>>>>
>>>>>>>>>>>> We can not use
>>>>>>>>>>>> POST /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>
>>>>>>>>>>>> It should be
>>>>>>>>>>>> PUT with delta.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> -Ishara
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> [1] - https://tools.ietf.org/html/rfc7009
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:44 PM, Godwin Shrimal <
>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Ruwan,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> AFAIU this is not deleting the consent but revoking
>>>>>>>>>>>>>>> (changing state as revoke). So it would be
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> POST /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 3:05 PM, Ruwan Abeykoon <
>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>>>> If we follow the REST, it would be
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> DELETE /consents/{consentReceiptId}
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>>>> Ruwan
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 12:34 PM, Godwin Shrimal <
>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks for the response Isura. I am not clear about the
>>>>>>>>>>>>>>>>> filtering you mentioned above. Can you please explain it
>>>>>>>>>>>>>>>>> using an example?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If you are planning to have an API to revoke the whole
>>>>>>>>>>>>>>>>> consent at once. API should be as follows. Right?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:52 PM, Isura Karunaratne <
>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Godwin,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 10:45 AM, Godwin Shrimal <
>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Isuru,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Can't we use consentId to remove the consent without
>>>>>>>>>>>>>>>>>>> sending a request payload like below?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> /consents/{consentid}/revoke
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> In real use-cases, we need to filter user consents based
>>>>>>>>>>>>>>>>>> on following parameters and then needs to be revoked.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>    - piiPrincipalId
>>>>>>>>>>>>>>>>>>    - piiCategory
>>>>>>>>>>>>>>>>>>    - tenantDomain
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> However, it will be better to have an API to revoke the
>>>>>>>>>>>>>>>>>> whole consent at once. So, we will add a revoke API as
>>>>>>>>>>>>>>>>>> follows,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> /consents/revoke/{consentReceiptId}
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>> Isura.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Mon, Jan 8, 2018 at 8:57 PM, Isura Karunaratne <
>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Consent Management is an important aspect for GDPR
>>>>>>>>>>>>>>>>>>>> compliancy and it will be a major feature of IS 5.5.0.
>>>>>>>>>>>>>>>>>>>> Following is the API definitions of consent management
>>>>>>>>>>>>>>>>>>>> APIs for IS 5.5.0 [1].
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> The API is designed to support following operations and
>>>>>>>>>>>>>>>>>>>> the consent receipt structure is defined based on the
>>>>>>>>>>>>>>>>>>>> consent receipt specification [2].
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>    - Add Consent
>>>>>>>>>>>>>>>>>>>>    - Search/List consents
>>>>>>>>>>>>>>>>>>>>    - Get Consent
>>>>>>>>>>>>>>>>>>>>    - Revoke Consent
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> *These APIs will be secured through generic
>>>>>>>>>>>>>>>>>>>> Authentication and Authorization valve described in [3].*
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Following is a sample ConsentReceipt based on the
>>>>>>>>>>>>>>>>>>>> specification. According to the spec, the receipt is
>>>>>>>>>>>>>>>>>>>> generated with one or more piiCategory. (Personally
>>>>>>>>>>>>>>>>>>>> Identifiable Information Category). In Identity Server
>>>>>>>>>>>>>>>>>>>> perspective, one piiCategory may contain one or more user
>>>>>>>>>>>>>>>>>>>> attributes. So, we have to implement a way to map
>>>>>>>>>>>>>>>>>>>> attributes to piiCategory. (Through a rest API)
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> {
>>>>>>>>>>>>>>>>>>>>   "version": "KI-CR-v1.1.0",
>>>>>>>>>>>>>>>>>>>>   "jurisdiction": "DW",
>>>>>>>>>>>>>>>>>>>>   "consentTimestamp": 1510592400,
>>>>>>>>>>>>>>>>>>>>   "collectionMethod": "Web Subscription Form with opt-in for marketing",
>>>>>>>>>>>>>>>>>>>>   "consentReceiptID": "c1befd3e-b7e5-4ea6-8688-e9a565aade21",
>>>>>>>>>>>>>>>>>>>>   "publicKey": "04:a3:1d:40:53:f0:4b:f1:f9:1b:b2:3a:83:a9:d1:\r\n40:02:cc:31:b6:4a:77:bf:5e:a0:db:4f:ea:d2:07:\r\nc4:23:57:6f:83:2c:3d:3e:8d:e7:02:71:60:54:01:\r\nf4:6a:fb:a2:1e:8b:42:53:33:78:68:d9:7d:5e:b2:\r\ncc:0b:f8:a1:bf",
>>>>>>>>>>>>>>>>>>>>   "language": "en",
>>>>>>>>>>>>>>>>>>>>   "piiPrincipalId": "Bowden Jeffries",
>>>>>>>>>>>>>>>>>>>>   "piiControllers": [
>>>>>>>>>>>>>>>>>>>>     {
>>>>>>>>>>>>>>>>>>>>       "piiController": "Ankh-Morpork Times",
>>>>>>>>>>>>>>>>>>>>       "contact": "William De Worde",
>>>>>>>>>>>>>>>>>>>>       "address": {
>>>>>>>>>>>>>>>>>>>>         "streetAddress": "Gleam Street",
>>>>>>>>>>>>>>>>>>>>         "addressCountry": "DW"
>>>>>>>>>>>>>>>>>>>>       },
>>>>>>>>>>>>>>>>>>>>       "email": "[email protected]",
>>>>>>>>>>>>>>>>>>>>       "phone": "(555) 555-DISC (3429)"
>>>>>>>>>>>>>>>>>>>>     }
>>>>>>>>>>>>>>>>>>>>   ],
>>>>>>>>>>>>>>>>>>>>   "policyUrl": "https://times.ankh-morpork.xzy/privacy_2017",
>>>>>>>>>>>>>>>>>>>>   "services": [
>>>>>>>>>>>>>>>>>>>>     {
>>>>>>>>>>>>>>>>>>>>       "service": "Digital Subscription and News Alerts",
>>>>>>>>>>>>>>>>>>>>       "purposes": [
>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>           "purpose": "To provide contracted services",
>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>             "2 - Contracted Service"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social",
>>>>>>>>>>>>>>>>>>>>             "7 - Financial"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": true,
>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": true,
>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "The Ankh-morpork Deadbeat Debt Collectors Society"
>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>           "purpose": "To personalize service experience",
>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>             "5 - Personalize Experience"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": false
>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>           "purpose": "To market services",
>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>             "6 - Marketing"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>             "2 - Contact"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": false,
>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "DiscWorld Octarine Programmatic Ad Agency"
>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>           "purpose": "Complying with legal obligations",
>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>             "12 - Legally Required Data Retention",
>>>>>>>>>>>>>>>>>>>>             "13 - Required by Law Enforcement or Government"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "consentType": "N/A",
>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social",
>>>>>>>>>>>>>>>>>>>>             "7 - Financial"
>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>           "termination": "N/A",
>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": true,
>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "Requesting legal authority"
>>>>>>>>>>>>>>>>>>>>         }
>>>>>>>>>>>>>>>>>>>>       ]
>>>>>>>>>>>>>>>>>>>>     }
>>>>>>>>>>>>>>>>>>>>   ],
>>>>>>>>>>>>>>>>>>>>   "sensitive": true,
>>>>>>>>>>>>>>>>>>>>   "spiCat": [
>>>>>>>>>>>>>>>>>>>>     "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>     "7 - Financial"
>>>>>>>>>>>>>>>>>>>>   ]
>>>>>>>>>>>>>>>>>>>> }
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> *One of the concerns we have is, whether the PII
>>>>>>>>>>>>>>>>>>>> controller values should be treated per SP, Tenant or
>>>>>>>>>>>>>>>>>>>> Globally?*
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> PII controller definition is as follows,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> *PII Controller*
>>>>>>>>>>>>>>>>>>>>> *Name of the first PII (Personally Identifiable
>>>>>>>>>>>>>>>>>>>>> Information) Controller who collects the data. This
>>>>>>>>>>>>>>>>>>>>> entity is accountable for compliance with the management
>>>>>>>>>>>>>>>>>>>>> of PII. The PII Controller determines the purpose(s) and
>>>>>>>>>>>>>>>>>>>>> type(s) of PII processing. There may be more than one
>>>>>>>>>>>>>>>>>>>>> PII Controller for the same set(s) of operations
>>>>>>>>>>>>>>>>>>>>> performed on the PII, in which case the different PII
>>>>>>>>>>>>>>>>>>>>> Controllers SHOULD be listed. For Sensitive PII, the PII
>>>>>>>>>>>>>>>>>>>>> Controller MUST be specified with legally required
>>>>>>>>>>>>>>>>>>>>> explicit notice to the PII Principal. This field MUST
>>>>>>>>>>>>>>>>>>>>> contain a non-empty string.*
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Your inputs are highly appreciated.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>> Isura.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>>>>>>>>>>>>>> [2] https://kantarainitiative.org/confluence/download/attachments/76447870/Consent%20Receipt%20Specification%201_1_0%20DRAFT%207%20clean.docx?version=2&modificationDate=1511391031000&api=v2
>>>>>>>>>>>>>>>>>>>> [3] "[Architecture] Authentication and Authorization
>>>>>>>>>>>>>>>>>>>> for Rest APIs in Carbon Products"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> *Isura Dilhara Karunaratne*
>>>>>>>>>>>>>>>>>>>> Associate Technical Lead | WSO2
>>>>>>>>>>>>>>>>>>>> Email: [email protected]
>>>>>>>>>>>>>>>>>>>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>>>>>>>>>>>>>>>>>>>> Blog : http://isurad.blogspot.com/
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>> *Godwin Amila Shrimal*
>>>>>>>>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> mobile: *+94772264165*
>>>>>>>>>>>>>>>>>>> linkedin: 
>>>>>>>>>>>>>>>>>>> *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>> Dev mailing list
>>>>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *Ruwan Abeykoon*
>>>>>>>>>>>>>>>> *Associate Director/Architect**,*
>>>>>>>>>>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>>>>>>>>>>>> *lean.enterprise.middleware.*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Omindu Rathnaweera
>>>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>>>>>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Ishara Karunarathna
>>>>>>>>>>>>> Technical Lead
>>>>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> email: [email protected],   blog: isharaaruna.blogspot.com,
>>>>>>>>>>>>> mobile: +94717996791 <+94%2071%20799%206791>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Best Regards*
>>>>>>>>>>
>>>>>>>>>> *Rushmin Fernando*
>>>>>>>>>> *Technical Lead*
>>>>>>>>>>
>>>>>>>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>>>>>>>
>>>>>>>>>> mobile : +94775615183
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Malithi Edirisinghe*
>>>>>>>>> Associate Technical Lead
>>>>>>>>> WSO2 Inc.
>>>>>>>>>
>>>>>>>>> Mobile : +94 (0) 718176807
>>>>>>>>> [email protected]
>>>>>>>>>
>>>>>>
>>>>> --
>>>>> Regards,
>>>>>
>>>>>
>>>>> *Darshana Gunawardana*Technical Lead
>>>>> WSO2 Inc.; http://wso2.com
>>>>>
>>>>> *E-mail: [email protected] <[email protected]>*
>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise .
>>>>> Middleware
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>> Regards,
>> Omindu.
>>
>>
>>
>
>


-- 
*Ayesha Dissanayaka*
Senior Software Engineer,
WSO2, Inc : http://wso2.com
<http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg>
20, Palm grove Avenue, Colombo 3
E-Mail: [email protected] <[email protected]>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
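
The revoke semantics discussed in this thread (a state change from APPROVED to REVOKED rather than a deletion, revocation filtered by piiPrincipalId, piiCategory and tenantDomain, and revocation when a user is deleted), as an added Python example that is not part of the thread and is not WSO2 code. The `ConsentStore` class, its method names and the sample receipts are constructed for illustration; keeping `tenantDomain` beside the receipt rather than inside it is an assumption.

```python
import time
from dataclasses import dataclass
from typing import Optional

APPROVED, REVOKED = "APPROVED", "REVOKED"  # state names used in the thread


@dataclass
class ConsentRecord:
    receipt: dict                       # receipt body shaped like the thread's sample
    tenant_domain: str                  # assumption: stored beside the receipt
    state: str = APPROVED
    revoked_at: Optional[float] = None


def pii_categories(receipt):
    """Collect category names. Accepts the plain-string form of the original
    sample and the {piiCategoryId, piiCategoryName} objects proposed for GET /consents."""
    names = set()
    for service in receipt.get("services", []):
        for purpose in service.get("purposes", []):
            for cat in purpose.get("piiCategory", []):
                names.add(cat["piiCategoryName"] if isinstance(cat, dict) else cat)
    return names


class ConsentStore:
    """Hypothetical in-memory store; a real deployment would sit on a database."""

    def __init__(self):
        self._records = {}

    def add(self, receipt, tenant_domain):
        rid = receipt["consentReceiptID"]
        if rid in self._records:
            raise ValueError("duplicate consentReceiptID: " + rid)
        self._records[rid] = ConsentRecord(receipt, tenant_domain)
        return rid

    def get(self, receipt_id):
        return self._records[receipt_id]

    def revoke(self, receipt_id):
        """State change only, so the receipt stays readable afterwards.
        Returns False when the consent was already revoked (idempotent)."""
        rec = self._records[receipt_id]
        if rec.state == REVOKED:
            return False
        rec.state, rec.revoked_at = REVOKED, time.time()
        return True

    def find(self, pii_principal_id=None, pii_category=None,
             tenant_domain=None, state=APPROVED):
        hits = []
        for rid, rec in self._records.items():
            if rec.state != state:
                continue
            if pii_principal_id is not None and rec.receipt.get("piiPrincipalId") != pii_principal_id:
                continue
            if tenant_domain is not None and rec.tenant_domain != tenant_domain:
                continue
            if pii_category is not None and pii_category not in pii_categories(rec.receipt):
                continue
            hits.append(rid)
        return hits

    def revoke_matching(self, pii_principal_id=None, pii_category=None, tenant_domain=None):
        # An empty filter would revoke every consent in the store: reject it.
        if pii_principal_id is None and pii_category is None and tenant_domain is None:
            raise ValueError("refusing to revoke without a filter")
        ids = self.find(pii_principal_id, pii_category, tenant_domain)
        for rid in ids:
            self.revoke(rid)
        return ids

    def on_user_deleted(self, pii_principal_id, tenant_domain):
        """User-delete event handler: scoped to the user's own tenant."""
        return self.revoke_matching(pii_principal_id=pii_principal_id,
                                    tenant_domain=tenant_domain)


def make_receipt(rid, principal, categories):
    # Constructed sample data, trimmed to the fields the store reads.
    return {"consentReceiptID": rid, "piiPrincipalId": principal,
            "services": [{"service": "Sample Service", "purposes": [
                {"purpose": "Sample purpose", "piiCategory": categories}]}]}


def demo():
    store = ConsentStore()
    store.add(make_receipt("r-1", "alice", ["2 - Contact"]), "example.com")
    store.add(make_receipt("r-2", "alice", [{"piiCategoryId": "7",
              "piiCategoryName": "7 - Financial", "validity": "string"}]), "example.com")
    store.add(make_receipt("r-3", "bob", ["2 - Contact"]), "example.com")
    store.add(make_receipt("r-4", "alice", ["2 - Contact"]), "other.org")
    by_category = store.revoke_matching(pii_category="7 - Financial")
    on_delete = store.on_user_deleted("alice", "example.com")
    return store, by_category, on_delete
```

The same user name in another tenant (`r-4`) is untouched by the delete handler, and revoked receipts remain retrievable through `get` and `find(state=REVOKED)`.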
