Abstract
A consent management system in which a client could provide, to an Authorization Server, consent for other clients, and this consent can be passed to those other clients in the form of JWT authorization tokens. For example, a client could provide consent to a list of clients, enabling them to read its data at a Web Server; the Authorization Server would save this data and provide it to the other clients packaged inside a JWT token which, when used by those clients at the Web Application servers, would allow them to access the data of the clients mentioned in the JWT token. This makes the consent protocol a push model, in which consent can be given at the time of data generation, versus a pull model, where a client would need to request permission at the time it wishes to read the data. This mechanism has the advantage that the client providing consent need not be available at the time when the data is actually being read by other clients, and has benefits in some fields like Healthcare, where a patient could grant consent to read his data by a wildcard entry of email identifiers, and doctors could access the patient's data at any time, until the time up to which the consent has been granted.
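The push-model flow described above, sketched as an added example that is not part of the original document: a grantor records a wildcard consent ahead of time, the Authorization Server packages matching consents into a JWT, and the web server authorizes a read from the token alone. The HS256 shared key, the `consents` claim name, the function names and the email addresses are assumptions made for illustration.

```python
import base64, fnmatch, hashlib, hmac, json, time

KEY = b"demo-key-constructed-for-this-example"  # assumption: HS256 key shared by AS and web server
CONSENTS = []  # (grantor, grantee email pattern, expiry as epoch seconds)

def b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def grant(grantor, pattern, expires_at):
    """Push step: the grantor records consent at the Authorization Server before any read."""
    CONSENTS.append((grantor, pattern, expires_at))

def issue_token(client_email, now=None):
    """Authorization Server: package every unexpired consent matching this client into a JWT."""
    now = int(time.time()) if now is None else now
    live = {}
    for grantor, pattern, exp in CONSENTS:
        if exp > now and fnmatch.fnmatchcase(client_email.lower(), pattern.lower()):
            live[grantor] = max(exp, live.get(grantor, 0))
    if not live:
        raise PermissionError("no consent on record for " + client_email)
    # "consents" is a hypothetical claim name: data owner -> consent expiry
    claims = {"sub": client_email, "consents": live, "exp": max(live.values())}
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def may_read(token, owner, now=None):
    """Web server: verify the signature first, then check the owner's consent is still live."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, unb64(sig)):
            return False
        if json.loads(unb64(head)).get("alg") != "HS256":  # accept only the expected algorithm
            return False
        claims = json.loads(unb64(body))
    except (ValueError, TypeError):
        return False
    return claims.get("exp", 0) > now and claims.get("consents", {}).get(owner, 0) > now
```

The grantor is never contacted in `may_read`; the per-owner expiry carried in the token is what bounds access in time.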