[Openid-specs-ab] Issue #1459: How is User Consent provided (openid/connect)
David Chadwick
issues-reply at bitbucket.org
Thu Mar 10 17:19:37 UTC 2022
New issue 1459: How is User Consent provided
https://bitbucket.org/openid/connect/issues/1459/how-is-user-consent-provided
David Chadwick:
The user may interact with the credential issuing eco-system via the wallet and give consent to the wallet to accept a credential with certain attributes from the issuer, or the user may interact with the issuer’s web site via a browser and give consent to the issuer for it to load a credential into her wallet. Both modes should be supported, and the swimlane\(s\) should show the interactions between the user and the credential issuer, either directly or via the wallet.
Furthermore, how does the user know that the credential that has been loaded into the wallet contains exactly the attributes that she consented to? Should we place requirements on the wallet to check this, or to ask the user for a second consent?
More information about the Openid-specs-ab
mailing list