Consent Validator

Overview

The Consent Validator is a core component of the IUDX-Novo Central Directory Services and implements the Consent (C) interface.

It provides comprehensive consent management functionality for the platform, enabling the compliant exchange of personal data belonging to a Data Principal. The Consent Validator ensures that data access is governed by explicit, auditable, and verifiable consent.

The Consent Validator stores consent artefacts that authorize the use of personal data for a specific purpose, resource, and Data Principal.

It exposes APIs that enable authorized users to:

Create consent artefacts
Update existing consent artefacts
Delete or revoke consent artefacts
View consent artefacts and associated audit logs

These APIs support the full lifecycle management of consent, from creation and validation to revocation and auditing.

Platform Users

The Consent Validator APIs are used by:

Data Providers
Data Consumers
Delegates acting on behalf of either party

This ensures that all stakeholders involved in personal data exchange can participate in consent workflows in a controlled and traceable manner.

Integration with Data Provider Systems

The Consent Validator is a customized integration module that must be integrated with each Data Provider’s existing identity, registry, or backend data systems.

Key characteristics of this integration include:

Verification of the existence of personal data for a given Data Principal
Validation of provider-specific identifiers before accepting a consent artefact
Use of provider-exposed APIs for data availability checks

Example: Jan Aadhaar Integration

For example, when Jan Aadhaar acts as a Data Provider:

A provider-specific identifier (such as a member ID) is used to validate the Data Principal
The Consent Validator expects Jan Aadhaar to expose an API that can confirm the existence of personal data for the given identifier
Only after successful validation is a consent artefact accepted and recorded

Customization and Variability

Different Data Providers may:

Use different identifiers for Data Principals
Employ distinct validation mechanisms
Expose provider-specific integration APIs

As a result, each Consent Validator integration requires a customized implementation tailored to the Data Provider’s systems and data models.

Additional Details

Further details on the consent mechanism, validation workflows, and integration patterns are provided in the Appendix.

PreviousCompute Credit Management NextData Explorer

Last updated 4 hours ago

Good afternoon