# Consent Record Schema
### Supported Usecases
The schemas are designed to support a variety of use cases and be extensible enough to allow external dependencies for extensible support.
Example Usecases:
1. Data Collection:
1. Purpose Key: DATA\_COLLECTION
2. Agreement Kind: CONSENT\_V1
3. DataRef: Optional
2. Product License
1. Agreement Kind: TOS\_V1
2. Purpose Key: LEGAL\_COMPLIANCE
3. Data Distribution
1. Agreement Kind: LICENSE\_V1
2. Purpose Key: ATTRIBUTION\_ANALYTICS, MODE\_TRANING
4. TOS or Policy:
1. Agreement Kind: CONSENT\_V1
2. Purpose Key: TOS\_V1
3. Terms Ref: ipfs link
### Agreement
An agreement is something two parties decide upon, it could be in any format, from a text file to a pdf or even an image, the agreement must clearly define the terms which both parties agreed on.
### Data Schema Consent
| Field Name | Description | Required |
| -------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| Schema Version | | Not Required Explicity, Implicit Contract Versioning |
| Agreement Id | ID/Ref of Agreement onchain | Required |
| Consent Signature | Signed by supplier of consent, more on this later | Required |
| Supplier DID | The DID of the person providing consent | Required |
| [Data Ref](/permission-protocol/v1-protocol/data-access-patterns.md#dataref-driven-access-pattern) | This could be anything from a url, to a hash, to an internal ID of the collected Data if any data is collected | Optional, Can be used if any data is being shared |
| disclosed | This flag tells if the data ref is disclosed openly or if It is encrypted or authorization is required | Optional, only needed with dataref, default false, encrypted by default |
| validityEnd | This signifies the validity period of the consent, this can either be 0 showing no expiry or a timestamp of expiry date | Required by default 0 |
| revocationRef | This is refrence to an external record of revocation. This could be a sperate contract or schema housing revocation data. | Optional (Revocation eligibility is governed by agreement schema) |
### Data Schema Agreement
Each Agreement has a id or hash of it.
| Field Name | Description | Required |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Agreement Kind | Legal/Operational Frame
e.g CONSENT\_V1, LICENSE\_V1 etc
| Required |
| Purpose Key | How the data will be used
E.g: EMAIL\_MARKETING, ATTRIBUTION\_ANALYTICS, MODEL\_TRAINING, ADS\_PERSONALIZATION
| Optional, if there is an external defined agreement and single field can't define the purpose then this field can be omited for greater terms in terms ref
But this has high priority
|
| Terms Ref | This could be a terms url, or an ipfs id where terms can be viewed or hash if terms provided offchain
starts with: http, ipfs, 0x
| Optional, Not required if the purpose and other fields are enough for the legal uses |
| Terms Hash | This would be hash of the terms so terms ref can be verified incase it is external web2 url | In case of IPFS terms this is not required, otherwise if terms are present this must exists |
| conditionsRef | A hash of conditions that should bet met for rewarding consent | Optional, in case of permission this is a hash of platform-verification |
| Counter Party DID | The DID of the party to whom consent is being provided to | Required |
| Revocation Eligibility | This field tells if consent once given can be revoked or not, while governing few mechanisms for revocation | Required |
| `revokeGracePeriodSeconds` | This field governs when the consent can be revoked if it is revokable | Optional (Required if revocation is set for eligibility) |
### Consent Signature
This will be end product signature which will be derived by the supplier using the following fields
* Agreement Data
* kind, purpose, termsref, conditionsref, counterpartydid
* Payout Amount
* Validity end
### Agreement Kind (max: 32 chars)
It is the single, versioned key that states the legal/operational frame (e.g., "this record is a consent" vs "this record is a license").
e.g
* CONSENT\_V1 (consent for data collection/access/tracking)
* LICENSE\_V1 (useage rights on collected/drived data)
* DATA\_SHARING\_CONTRACT\_V1 (contract governing disclosure/transfer)
* MODEL\_TRAINING\_LICENSE\_V1 (rights to use data for model training)
* USAGE\_RIGHTS\_V1 (generic usage rights without transfer)
* TOS\_V1 (terms of service acceptance)
* DPA\_V1 (data processing agreement, B2B controller–processor)
### Purpose Key (Multi) (max: 32 chars)
It’s the controlled vocabulary key (or keys) stating the intended use(s) of the data.
* MODEL\_TRAINING (data will be used for model training)
* REWARD\_FULFILLMENT ()
* LEGAL\_COMPLIANCE
* AD\_PERSONALIZATION
* PRODUCT\_ANALYTICS
* ATTRIBUTION\_ANALYTICS
* EMAIL\_MARKETING
* THIRD\_PARTY\_DISCLOSURE
* RECOMMENDATIONS
* PERSONALIZATION
* DATA\_COLLECTION
### Data Ref
The purpose of data ref for Permission is to have a record of data that is used in processing.\
This could be hash of the data which is collected, or a url which points to the data which will be shared, \
or points to the web page where this data can be managed.
### ConditionsRef
This will be a hash value, which use is upto the implementer. Its primary focus is to tell the conditions which should be met for the supplier before they are eligible for gaining the payout.
{% hint style="info" %}
For Permission:\
Condition Ref ⇒ 'platform\_verified' ⇒ hash
Once it is signed by the platform DID, a user can perform withdraws through the governing withdraw contract
{% endhint %}
{% hint style="info" %}
ConditionsRef is an extra field which doesn't directly affect consent hence, it can be used by others as required
{% endhint %}
### Revocation Eligibility
Revocation eligibility is an enumeration with the following values:
1. **Unrevokable**: Consent cannot be revoked once given.
2. **Instantly Revokable**: Consent can be revoked immediately by the user.
3. **RevokableAfterGracePeriod**: Consent can be revoked only after a specified grace period has elapsed. For this type, there will be an additional field called `revokeGracePeriodSeconds` that dictates the duration of the grace period before revocation can occur.
## Questions:
Who can add to revocation ref?
Only supplier can add the revocation ref.
When can the consent be revokable?
Supplier can only revoke consent if the agreement supports it, it could either be instantly revokable or revokable after certain grace period depending on the agreement.
If i am supplying user's data to some other party who doesn't have DID, how do i take consent then?
You will take consent with purpose key THIRD\_PARTY\_DISCLOSURE
How url is stored in smart contract
Url is stored as string in the ref states, global uri can be implemented later for saving gas
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.permission.ai/permission-protocol/v1-protocol/consent-record-schema.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.