Questions about https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/oEAfhW9JLP3tJ6mPyxtF/~/changes/64/9-workflows merge request

1. “registration process will know which Agreement IDs are eligible for registration” - how does this come to be?

2. If and how are we validating the “External ID”? Is ID-BB involved in any manner?

Lal answered the questions: Agreement ID needs to be known for each data agreement that’s valid for the registration process. The application developer needs to know this essentially.

Data source: Population registry. They don’t really “care” what the application does, as long as the application can prove that a consent exists. The data source cold make a data agreement template available here.

Signatures: Other parties should never trust the Consent BB, but they should always verify the Signature that is provided with a Consent Record.

@Ain Aaviksoo will make some amendments about assumption of trust when verifying consent.

Other open questions

• The Consent BB should authenticate the application itself! Maybe make a note about this. We will make a note next to Consent BB column about RBCA.

• What should happen from the registration process once the consent is stored (?). We’ll note that the consent process has been concluded and the registration process may continue its process assuming that consent has been obtained.