Session Abstract

Consent and Notification services are being deployed at several campuses. These services can operate across protocols and applications and present some new opportunities for privacy, compliance and transparency, but need to be deployed with care for both user and institutional experiences. This session will discuss the technical and policy issues that have emerged from several actual deployments of institutional consent. The focus will be on the use of CAR to provide cross-protocol and meaningful consent but will also cover native Shib consent and other options.

Deployment issues include technical issues such as availability and load balancing, plumbing multiple protocols into the service, and gathering the informed content that makes for meaningful consent decisions. We will also cover serving OAuth and OIDC both through the MitreId and Shib OIDC plugins. CAR presents numerous policy decisions as well. These include: to which communities and which sites should consent be provided; setting institutional policies on release; setting user defaults: and leveraging the institutional policy store for compliance questions, particularly for data feeds to external sources.

The session will include at least two speakers: Rob Carter (Duke) and Keith Wessel (Illinois) A third speaker may be added.