Archived 2023.08.11. Content moved to Guidance on Profile Scope.
Question
How should the profile scope be represented in Consent and Authorisation screens? The profile scope isn't addressed in any of the CX Standards or Guidelines. Should it be dependent on the common.customer...
scopes?
For example, if openid
, profile
, and bank:accounts.basic:read
are requested, the Accredited Data Recipient (ADR) has access to Personally Identifiable Information (PII) for the user. If the profile scope is not displayed, the user may be unaware that PII is available to the ADR.
Answer
See DB216 for full details of this discussion.
Comments
0 comments
Please sign in to leave a comment.