TRS policy property (ISSUE 2, ISSUE 22, ISSUE 23)

For the discussion that @mschunte2 staged:

I see a need for multiple policy attributes. For instance, reference to 
a resource's (a) cookie policy, (b) privacy statement, (c) security 
policy, e.g., a responsible disclosure policy, (d) terms and conditions, 
or (e) a DNT policy as required by AB370. There is no straight forward 
way to distinguish at the moment whereas for consent this information 
should be easily available. I propose to add metadata such that UI's can 
use these hooks when providing information to the user, when needed.

There are multiple ways of dealing with this need. I propose three 
alternatives:

A: extending the policy attribute to an array of strings. For example:

"policy": ["https://webresource.com/cookies", 
"https://webresource.com/privacy", "https://webresource.com/security", 
"https://webresource.com/terms_and_conditions"]

B: instead of having one policy property, extending to multiple policy 
properties. For example:

"cookies_policy": "https://webresource.com/cookies"
"privacy_policy": "https://webresource.com/privacy"
"security_policy": "https://webresource.com/security"
"terms_and_conditions": "https://webresource.com/terms_and_conditions"

C: extending the policy attribute to an array of key-values. For 
example:

"policy": [("cookie_policy", "https://webresource.com/cookies") , 
("privacy_policy", "https://webresource.com/privacy"), 
("responsible_disclosure_policy", "https://webresource.com/security"), 
("terms_and_conditions", 
"https://webresource.com/terms_and_conditions")]



Option C is my preferred proposal, since the array of key/values is easy 
to extend.

Regards,
Rob

Received on Sunday, 26 March 2017 11:07:12 UTC