IAM Team, I recently had to do a presentation/demo to a customer on GDPR support in WSO2 IS. Following are the usability problems I've come across in the latest version. Would like to get your feedback on this.
1. In all the webinars we've done on GDPR, we talk about IS as a consent repository that can do consent management of applications through RESTful APIs. However, when looking at the APIs, it looks like we can't really do application-wise consent management and it is a global consent management model we have. What am I missing here?

2. Consent purpose descriptions are not shown to the user when (s)he needs to provide consent to share user claims with the application. It looks like the user has to provide a *"bundled"* consent. This *violates* the basic GDPR consent design guideline of *"unbundled consent"*.

3. The consent purpose descriptions do not support internationalization. This *violates* another one of the basic GDPR consent design guidelines, that of *"informed consent"*. Ideally we should be using the same design we've implemented for challenge question internationalization.

4. When a user does self sign-up, we are collecting consent for all consent purposes and PII categories. It looks like a user cannot sign up without providing consent for at least one consent purpose or PII category. For example, even if first_name is optional and I don't fill in the value for first_name, I need to provide consent to store first_name, which doesn't make any sense.

Thanks & Regards,
Johann.

--
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
