define consent and permission; explain split roles regarding consent #290
Description
Responsibility for consent was discussed at the June 16 call.
We should explicitly define what we mean by consent (as there is a very wide range of opinions or expectations about it) and explicitly define browser/user agent permission.
There may be general support for a split role, where the verifier provides all the necessary explanation in context, a permission prompt by the browser confirms that the user is willing to continue to the wallet, and then the wallet confirms with the user release of the information back to the verifier. (Some call the last dialog "consent"; some believe the user is burdened by having to provide "consent" 3 times; some believe that for "consent" to be informed that the in-context explanation is necessary.)
There remain different opinions on what information should be communicated to the wallet for the confirmation; some believe that a privacy policy link is sufficient, some believe that a privacy policy link is known to be unhelpful and uninformative and does not provide the relevant informed context.