On Thu, Feb 1, 2018 at 7:21 PM, Ayesha Dissanayaka <[email protected]> wrote:
>
> Hi,
>
> We have started evaluating effort on providing a UI in Identity Server
> dashboard for consent management and came across the following.
>
> *GET /consents*
>
> - Need to return user friendly "Service Name" and "Service Description"
> - *purpose* object needs *purposeId*.
> - *piiCategory* object should contain *piiCategoryId* and
> *piiCategoryName*. Remove duplicated *piiCategory*.
> - Sample response is suggested as below.
>
>
Will incorporate these changes.
>
> ...
> "purposes": [
>   {
>     "purpose": "string",
>     *"purposeId": "string",*
>     "purposeCategory": [
>       "string"
>     ],
>     "consentType": "string",
>     "piiCategory": [
>       {
>         "piiCategoryName": "string",
>         "piiCategoryId": "string",
>         "validity": "string"
>       }
>     ],
> ...
>
>
> Also I have observed that *piiCategory* is referred to as *piiCategory* and
> *piiCategories* in different API responses. Is it the intended naming?
>
Since it is a list, it should be referred to as piiCategories, but we
used *piiCategory* in the consent receipt to comply with the spec.
Thanks
Isura.
>
> Thanks!
> -Ayesha
>
>
> On Thu, Feb 1, 2018 at 6:27 PM, Darshana Gunawardana <[email protected]>
> wrote:
>
>> On Thu, Feb 1, 2018 at 6:18 PM, Omindu Rathnaweera <[email protected]>
>> wrote:
>>
>>> Hi Darshana,
>>>
>>> On Thu, Feb 1, 2018 at 5:42 PM, Darshana Gunawardana <[email protected]>
>>> wrote:
>>>
>>>>
>>>> On Thu, Feb 1, 2018 at 5:13 PM, Isura Karunaratne <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Darshana,
>>>>>
>>>>> On Thu, Feb 1, 2018 at 3:39 PM, Darshana Gunawardana <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Isura,
>>>>>>
>>>>>> How are these consents handled with state changes of related entities?
>>>>>>
>>>>>> For example,
>>>>>> > user delete
>>>>>> > sp delete
>>>>>>
>>>>>> This should be handled through a user operation event listener or
>>>>> event handler.
>>>>>
>>>>
>>>> Yes. So are we going to have relevant implementations with this feature?
>>>>
>>>
>>> As the API is not specific to a product these scenarios should be
>>> handled as a part of integrating the feature to the product. We will
>>> handle these cases during the integration effort for product IS.
>>>
>>
>> That makes sense.. +1 for the approach.
>>
>>>
>>>
>>>>
>>>> Can there be any other cases similar to above?
>>>>
>>>
>>> Apart from the above scenarios, user store removal and tenant
>>> deactivation are 2 such cases. However, revoking consents for tenant
>>> deactivation is something we have to think a bit more as we can reactivate
>>> the tenants and once that is done, the consents will no longer be active.
>>>
>>>>
>>>> Thanks,
>>>>
>>>>> Isura.
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On Wed, Jan 10, 2018 at 1:58 PM, Isura Karunaratne <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> On Wed, Jan 10, 2018 at 12:44 PM, Godwin Shrimal <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Isuru,
>>>>>>>>
>>>>>>>> Please see below few suggestions.
>>>>>>>>
>>>>>>>> 1. API name of the Purpose Category (/pcategories) is not readable.
>>>>>>>> Why don't we use it as */purpose-categories*?
>>>>>>>> 2. What is /*category*/{purposeCategoryId} API? It shows API
>>>>>>>> name as /*category*. I think it should be renamed as below
>>>>>>>> (according to the suggestion in #1)
>>>>>>>> /*purpose-categories*/{purposeCategoryId}
>>>>>>>>
>>>>>>>> 3. Change API /piicategories as /*pii-categories* since pii and
>>>>>>>> categories are two words.
>>>>>>>> 4. Change API /piicategory/{piiCategoryId} as
>>>>>>>> /*pii-categories*/{piiCategoryId}
>>>>>>>>
>>>>>>>
>>>>>>> +1. Modified the definition according to the suggestions. [1]
>>>>>>>
>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>
>>>>>>> Thanks
>>>>>>> Isura.
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Godwin
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jan 10, 2018 at 1:54 PM, Isura Karunaratne <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Malithi / all,
>>>>>>>>>
>>>>>>>>> The updated API definition can be found in [1].
>>>>>>>>>
>>>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Isura.
>>>>>>>>>
>>>>>>>>> On Tue, Jan 9, 2018 at 10:46 PM, Malithi Edirisinghe <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> Noted below under revoke API definition
>>>>>>>>>> /consents/user/{piiPrincipalId}/
>>>>>>>>>>
>>>>>>>>>> piiPrincipalId seems to be a field of the consent object.
>>>>>>>>>> Shouldn't this be defined over a filter from the piiPrincipalId
>>>>>>>>>> attribute?
>>>>>>>>>>
>>>>>>>>>> Same applies to below I think.
>>>>>>>>>> /consents/service/{serviceId}/
>>>>>>>>>>
>>>>>>>>>> Moreover, add consents returns the consent receipt, right? Or is the
>>>>>>>>>> receipt an embedded resource of the consent? Is there a specific
>>>>>>>>>> reason to specifically mention the receipt as a separate resource
>>>>>>>>>> when retrieving and revoking?
>>>>>>>>>> /consents/receipt/{receiptId}
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Malithi
>>>>>>>>>>
>>>>>>>>>> On Tue, Jan 9, 2018 at 4:57 PM, Rushmin Fernando <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> IMO we are exposing the internal implementation here.
>>>>>>>>>>>
>>>>>>>>>>> The reason why we use PUT is, the record is being updated with
>>>>>>>>>>> the new state.
>>>>>>>>>>>
>>>>>>>>>>> But from the API users POV the consent is revoked and it doesn't
>>>>>>>>>>> exist anymore.
>>>>>>>>>>>
>>>>>>>>>>> So I believe that we should go with DELETE.
>>>>>>>>>>>
>>>>>>>>>>> [1] and [2] are some examples.
>>>>>>>>>>>
>>>>>>>>>>> [1] - https://developer.github.com/v3/oauth_authorizations/#revoke-a-grant-for-an-application
>>>>>>>>>>>
>>>>>>>>>>> [2] - https://developers.facebook.com/docs/facebook-login/permissions/requesting-and-revoking
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Jan 9, 2018 at 2:23 PM, Godwin Shrimal <[email protected]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Agree with Ruwan. Since we are updating an existing resource
>>>>>>>>>>>> here, +1 to use PUT.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> Godwin
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jan 9, 2018 at 3:31 PM, Ruwan Abeykoon <[email protected]
>>>>>>>>>>>> > wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:58 PM, Ishara Karunarathna <
>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:51 PM, Omindu Rathnaweera <
>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Ishara/Ruwan/Godwin,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The revoke operation is an UPDATE at the DB level (changes the
>>>>>>>>>>>>>>> state of the consent from APPROVED to REVOKED). We used a POST
>>>>>>>>>>>>>>> for consent revocation following the convention we have in the
>>>>>>>>>>>>>>> OAuth token revoke spec [1]. Would it still make sense to have
>>>>>>>>>>>>>>> a DELETE for the revoke operation?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In this case you can't use DELETE operation since it does not
>>>>>>>>>>>>>> delete the resource. Here you can use POST to revoke endpoint.
>>>>>>>>>>>>>>
>>>>>>>>>>>>> +1
>>>>>>>>>>>>>
>>>>>>>>>>>>> We can not use
>>>>>>>>>>>>> POST /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>>
>>>>>>>>>>>>> It should be
>>>>>>>>>>>>> PUT with delta.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> -Ishara
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [1] - https://tools.ietf.org/html/rfc7009
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:44 PM, Godwin Shrimal <
>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Ruwan,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> AFAIU this is not deleting the consent but revoking
>>>>>>>>>>>>>>>> (changing state as revoke). So it would be
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> POST /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 3:05 PM, Ruwan Abeykoon <
>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>>>>> If we follow the REST, it would be
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> DELETE /consents/{consentReceiptId}
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>>>>> Ruwan
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 12:34 PM, Godwin Shrimal <
>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks for the response Isura. I am not clear about the
>>>>>>>>>>>>>>>>>> filtering you mentioned above. Can you please explain it
>>>>>>>>>>>>>>>>>> using an example?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> If you are planning to have an API to revoke the whole
>>>>>>>>>>>>>>>>>> consent at once. API should be as follows. Right?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> /consents/{consentReceiptId}/revoke
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 1:52 PM, Isura Karunaratne <
>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Godwin,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Tue, Jan 9, 2018 at 10:45 AM, Godwin Shrimal <
>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Isuru,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Can't we use consentId to remove the consent without
>>>>>>>>>>>>>>>>>>>> sending a request payload like below?
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> /consents/{consentid}/revoke
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> In real use-cases, we need to filter user consents based
>>>>>>>>>>>>>>>>>>> on following parameters and then needs to be revoked.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> - piiPrincipalId
>>>>>>>>>>>>>>>>>>> - piiCategory
>>>>>>>>>>>>>>>>>>> - tenantDomain
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> However, it will be better to have an API to revoke the
>>>>>>>>>>>>>>>>>>> whole consent at once. So, we will add a revoke API as
>>>>>>>>>>>>>>>>>>> follows,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> /consents/revoke/{consentReceiptId}
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>> Isura.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Mon, Jan 8, 2018 at 8:57 PM, Isura Karunaratne <
>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Consent Management is an important aspect for GDPR
>>>>>>>>>>>>>>>>>>>>> compliancy and it will be a major feature of IS 5.5.0.
>>>>>>>>>>>>>>>>>>>>> Following are the API definitions of consent management
>>>>>>>>>>>>>>>>>>>>> APIs for IS 5.5.0 [1].
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> The API is designed to support the following operations
>>>>>>>>>>>>>>>>>>>>> and the consent receipt structure is defined based on the
>>>>>>>>>>>>>>>>>>>>> consent receipt specification [2].
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> - Add Consent
>>>>>>>>>>>>>>>>>>>>> - Search/List consents
>>>>>>>>>>>>>>>>>>>>> - Get Consent
>>>>>>>>>>>>>>>>>>>>> - Revoke Consent
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> *These APIs will be secured through generic
>>>>>>>>>>>>>>>>>>>>> Authentication and Authorization valve described in [3].*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Following is a sample ConsentReceipt based on the
>>>>>>>>>>>>>>>>>>>>> specification. According to the spec, the receipt is
>>>>>>>>>>>>>>>>>>>>> generated with one or more piiCategory (Personally
>>>>>>>>>>>>>>>>>>>>> Identifiable Information Category). In Identity Server
>>>>>>>>>>>>>>>>>>>>> perspective, one piiCategory may contain one or more user
>>>>>>>>>>>>>>>>>>>>> attributes. So, we have to implement a way to map
>>>>>>>>>>>>>>>>>>>>> attributes to piiCategory (through a REST API).
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> {
>>>>>>>>>>>>>>>>>>>>>   "version": "KI-CR-v1.1.0",
>>>>>>>>>>>>>>>>>>>>>   "jurisdiction": "DW",
>>>>>>>>>>>>>>>>>>>>>   "consentTimestamp": 1510592400,
>>>>>>>>>>>>>>>>>>>>>   "collectionMethod": "Web Subscription Form with opt-in for marketing",
>>>>>>>>>>>>>>>>>>>>>   "consentReceiptID": "c1befd3e-b7e5-4ea6-8688-e9a565aade21",
>>>>>>>>>>>>>>>>>>>>>   "publicKey": "04:a3:1d:40:53:f0:4b:f1:f9:1b:b2:3a:83:a9:d1:\r\n40:02:cc:31:b6:4a:77:bf:5e:a0:db:4f:ea:d2:07:\r\nc4:23:57:6f:83:2c:3d:3e:8d:e7:02:71:60:54:01:\r\nf4:6a:fb:a2:1e:8b:42:53:33:78:68:d9:7d:5e:b2:\r\ncc:0b:f8:a1:bf",
>>>>>>>>>>>>>>>>>>>>>   "language": "en",
>>>>>>>>>>>>>>>>>>>>>   "piiPrincipalId": "Bowden Jeffries",
>>>>>>>>>>>>>>>>>>>>>   "piiControllers": [
>>>>>>>>>>>>>>>>>>>>>     {
>>>>>>>>>>>>>>>>>>>>>       "piiController": "Ankh-Morpork Times",
>>>>>>>>>>>>>>>>>>>>>       "contact": "William De Worde",
>>>>>>>>>>>>>>>>>>>>>       "address": {
>>>>>>>>>>>>>>>>>>>>>         "streetAddress": "Gleam Street",
>>>>>>>>>>>>>>>>>>>>>         "addressCountry": "DW"
>>>>>>>>>>>>>>>>>>>>>       },
>>>>>>>>>>>>>>>>>>>>>       "email": "[email protected]",
>>>>>>>>>>>>>>>>>>>>>       "phone": "(555) 555-DISC (3429)"
>>>>>>>>>>>>>>>>>>>>>     }
>>>>>>>>>>>>>>>>>>>>>   ],
>>>>>>>>>>>>>>>>>>>>>   "policyUrl": "https://times.ankh-morpork.xzy/privacy_2017",
>>>>>>>>>>>>>>>>>>>>>   "services": [
>>>>>>>>>>>>>>>>>>>>>     {
>>>>>>>>>>>>>>>>>>>>>       "service": "Digital Subscription and News Alerts",
>>>>>>>>>>>>>>>>>>>>>       "purposes": [
>>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>>           "purpose": "To provide contracted services",
>>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>>             "2 - Contracted Service"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social",
>>>>>>>>>>>>>>>>>>>>>             "7 - Financial"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": true,
>>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": true,
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "The Ankh-morpork Deadbeat Debt Collectors Society"
>>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>>           "purpose": "To personalize service experience",
>>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>>             "5 - Personalize Experience"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": false
>>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>>           "purpose": "To market services",
>>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>>             "6 - Marketing"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "consentType": "EXPLICIT",
>>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>>             "2 - Contact"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>>           "termination": "Subscription end date + 1 year",
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": false,
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "DiscWorld Octarine Programmatic Ad Agency"
>>>>>>>>>>>>>>>>>>>>>         },
>>>>>>>>>>>>>>>>>>>>>         {
>>>>>>>>>>>>>>>>>>>>>           "purpose": "Complying with legal obligations",
>>>>>>>>>>>>>>>>>>>>>           "purposeCategory": [
>>>>>>>>>>>>>>>>>>>>>             "12 - Legally Required Data Retention",
>>>>>>>>>>>>>>>>>>>>>             "13 - Required by Law Enforcement or Government"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "consentType": "N/A",
>>>>>>>>>>>>>>>>>>>>>           "piiCategory": [
>>>>>>>>>>>>>>>>>>>>>             "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>>             "2 - Contact",
>>>>>>>>>>>>>>>>>>>>>             "4 - Communications/Social",
>>>>>>>>>>>>>>>>>>>>>             "7 - Financial"
>>>>>>>>>>>>>>>>>>>>>           ],
>>>>>>>>>>>>>>>>>>>>>           "primaryPurpose": false,
>>>>>>>>>>>>>>>>>>>>>           "termination": "N/A",
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyDisclosure": true,
>>>>>>>>>>>>>>>>>>>>>           "thirdPartyName": "Requesting legal authority"
>>>>>>>>>>>>>>>>>>>>>         }
>>>>>>>>>>>>>>>>>>>>>       ]
>>>>>>>>>>>>>>>>>>>>>     }
>>>>>>>>>>>>>>>>>>>>>   ],
>>>>>>>>>>>>>>>>>>>>>   "sensitive": true,
>>>>>>>>>>>>>>>>>>>>>   "spiCat": [
>>>>>>>>>>>>>>>>>>>>>     "1 - Biographical",
>>>>>>>>>>>>>>>>>>>>>     "7 - Financial"
>>>>>>>>>>>>>>>>>>>>>   ]
>>>>>>>>>>>>>>>>>>>>> }
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> *One of the concerns we have is, whether the PII
>>>>>>>>>>>>>>>>>>>>> controller values should be treated per SP, Tenant or
>>>>>>>>>>>>>>>>>>>>> Globally?*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> PII controller definition is as follows,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> *PII Controller*
>>>>>>>>>>>>>>>>>>>>>> *Name of the first PII (Personally Identifiable
>>>>>>>>>>>>>>>>>>>>>> Information) Controller who collects the data. This
>>>>>>>>>>>>>>>>>>>>>> entity is accountable for compliance with the management
>>>>>>>>>>>>>>>>>>>>>> of PII. The PII Controller determines the purpose(s) and
>>>>>>>>>>>>>>>>>>>>>> type(s) of PII processing. There may be more than one PII
>>>>>>>>>>>>>>>>>>>>>> Controller for the same set(s) of operations performed on
>>>>>>>>>>>>>>>>>>>>>> the PII, in which case the different PII Controllers
>>>>>>>>>>>>>>>>>>>>>> SHOULD be listed. For Sensitive PII, the PII Controller
>>>>>>>>>>>>>>>>>>>>>> MUST be specified with legally required explicit notice
>>>>>>>>>>>>>>>>>>>>>> to the PII Principal. This field MUST contain a non-empty
>>>>>>>>>>>>>>>>>>>>>> string.*
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Your inputs are highly appreciated.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>>> Isura.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> [1] https://app.swaggerhub.com/apis/consent/Approval-Consent/1.0.0
>>>>>>>>>>>>>>>>>>>>> [2] https://kantarainitiative.org/confluence/download/attachments/76447870/Consent%20Receipt%20Specification%201_1_0%20DRAFT%207%20clean.docx?version=2&modificationDate=1511391031000&api=v2
>>>>>>>>>>>>>>>>>>>>> [3] "[Architecture] Authentication and Authorization
>>>>>>>>>>>>>>>>>>>>> for Rest APIs in Carbon Products"
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> *Isura Dilhara Karunaratne*
>>>>>>>>>>>>>>>>>>>>> Associate Technical Lead | WSO2
>>>>>>>>>>>>>>>>>>>>> Email: [email protected]
>>>>>>>>>>>>>>>>>>>>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>>>>>>>>>>>>>>>>>>>>> Blog : http://isurad.blogspot.com/
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>> *Godwin Amila Shrimal*
>>>>>>>>>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> mobile: *+94772264165*
>>>>>>>>>>>>>>>>>>>> linkedin:
>>>>>>>>>>>>>>>>>>>> *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>>>>>>>>>>>>>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>> Dev mailing list
>>>>>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> *Ruwan Abeykoon*
>>>>>>>>>>>>>>>>> *Associate Director/Architect**,*
>>>>>>>>>>>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>>>>>>>>>>>>> *lean.enterprise.middleware.*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Omindu Rathnaweera
>>>>>>>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>>>>>>>> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Ishara Karunarathna
>>>>>>>>>>>>>> Technical Lead
>>>>>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> email: [email protected], blog: isharaaruna.blogspot.com,
>>>>>>>>>>>>>> mobile: +94717996791 <+94%2071%20799%206791>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Best Regards*
>>>>>>>>>>>
>>>>>>>>>>> *Rushmin Fernando*
>>>>>>>>>>> *Technical Lead*
>>>>>>>>>>>
>>>>>>>>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>>>>>>>>>>
>>>>>>>>>>> mobile : +94775615183
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> *Malithi Edirisinghe*
>>>>>>>>>> Associate Technical Lead
>>>>>>>>>> WSO2 Inc.
>>>>>>>>>>
>>>>>>>>>> Mobile : +94 (0) 718176807
>>>>>>>>>> [email protected]
>>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> *Darshana Gunawardana*
>>>>>> Technical Lead
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>
>>>>>> *E-mail: [email protected] <[email protected]>*
>>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*
>>>>>> Lean . Enterprise . Middleware
>>>>
>>> Regards,
>>> Omindu.
>
> --
> *Ayesha Dissanayaka*
> Senior Software Engineer,
> WSO2, Inc : http://wso2.com
> 20, Palm grove Avenue, Colombo 3
> E-Mail: [email protected] <[email protected]>
>
--
*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: [email protected]
Mob : +94 772 254 810 <+94%2077%20225%204810>
Blog : http://isurad.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
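
The revocation semantics discussed in this thread, as an added example that is not part of the original messages and is not WSO2 Identity Server code: revoking is a state change from APPROVED to REVOKED that keeps the record, bulk revocation filters on piiPrincipalId, piiCategory and tenantDomain, and a user-delete hook revokes that user's consents. The `ConsentStore` class, its method names, the audit log and the sample receipts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

APPROVED = "APPROVED"
REVOKED = "REVOKED"


@dataclass
class Consent:
    receipt_id: str
    pii_principal_id: str
    tenant_domain: str
    pii_categories: Set[str]
    state: str = APPROVED


class ConsentStore:
    """Hypothetical in-memory store; class and method names are illustrative."""

    def __init__(self) -> None:
        self._consents: Dict[str, Consent] = {}
        # Every state change is recorded as (reason, receipt_id, old, new).
        self.audit_log: List[Tuple[str, str, str, str]] = []

    def add(self, consent: Consent) -> None:
        self._consents[consent.receipt_id] = consent

    def get(self, receipt_id: str) -> Optional[Consent]:
        return self._consents.get(receipt_id)

    def revoke(self, receipt_id: str, reason: str = "api") -> bool:
        """Revoke one receipt; return True only if the state changed.

        The record is updated, not deleted, so the receipt stays retrievable
        afterwards. Repeating the call is a no-op, which makes it safe to retry.
        """
        consent = self._consents[receipt_id]  # KeyError for unknown receipts
        if consent.state == REVOKED:
            return False
        self.audit_log.append((reason, receipt_id, consent.state, REVOKED))
        consent.state = REVOKED
        return True

    def revoke_matching(self, tenant_domain: str,
                        pii_principal_id: Optional[str] = None,
                        pii_category: Optional[str] = None,
                        reason: str = "api") -> List[str]:
        """Filter-based revoke. tenant_domain is mandatory so that a bulk
        revoke can never reach into another tenant's consents."""
        revoked = []
        for c in self._consents.values():
            if c.tenant_domain != tenant_domain:
                continue
            if pii_principal_id is not None and c.pii_principal_id != pii_principal_id:
                continue
            if pii_category is not None and pii_category not in c.pii_categories:
                continue
            if self.revoke(c.receipt_id, reason):
                revoked.append(c.receipt_id)
        return sorted(revoked)

    def on_user_deleted(self, pii_principal_id: str, tenant_domain: str) -> List[str]:
        """Hook that a user-operation event listener would call on user delete."""
        return self.revoke_matching(tenant_domain, pii_principal_id,
                                    reason="user-deleted")


def build_sample_store() -> ConsentStore:
    """Constructed sample data, not taken from any real deployment."""
    store = ConsentStore()
    store.add(Consent("r1", "alice", "tenant-a.example", {"2 - Contact", "7 - Financial"}))
    store.add(Consent("r2", "alice", "tenant-a.example", {"1 - Biographical"}))
    store.add(Consent("r3", "bob", "tenant-a.example", {"2 - Contact"}))
    store.add(Consent("r4", "alice", "tenant-b.example", {"2 - Contact"}))
    return store


if __name__ == "__main__":
    store = build_sample_store()
    print(store.revoke_matching("tenant-a.example", pii_category="2 - Contact"))
    print(store.on_user_deleted("alice", "tenant-a.example"))
    print(store.revoke("r1"), store.get("r1").state)
```
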