Managing Versioned Consent
miaa Access has released following features:
Customise consent registration
Consents are maintained as a list of consent objects. As such you can accommodate any number of consent versions and consent types.
Each individual consent object contains the status, the timestamp of the latest status change (grant/revoke), the id of the environment in which the status was changed and the history of these changes.
You can further customise the contents of the consent object to include:
- the version number
- whether the version is a major or a minor update compared to the previous version
- the link to the actual policy text
- the language presented to the user
- the jurisdiction to which the policy applies.
Enforce user’s consent
Using miaa PolicyGate, you can ensure that whenever profile data is requested by an application, the data is returned if and only if the user provided their consent for that application. As such, read access to a user’s profile can be made subject to purpose-specific consent from that user, whenever it is accessed.
Offer true forget-me
Using miaa ProfileSync, you can offer a true forget-me flow. The flow will erase specific data in the user profile, keeping essential audit evidence. The forget-me request will also be pushed to connected applications to make sure they erase all profile data. A miaa HouseKeeper function shall delete the profile after a configurable expiration period.
The forget-me flow supports an optional user-confirmation cycle, by sending a confirmation request with a secure challenge & response, with the action ‘confirm forget me’ in the request token.