Today's legal call was about the contract between the Grantor and the AS - or is it the ASO? As I understand it, we're looking for language to describe the relationship between the grantor / resource owner and her agent that will be operating an authorization service on her behalf. The section on Agents starts at page 67: http://docplayer.net/4194796-Restatement-of-the-law-agency-restatement-third... The description of fiduciary duty seems to be quite clear. Page 72 deals with Principal's Consent. The key paragraphs are (my underline): - (1)(a)(ii) (ii) discloses all material facts that the agent knows, has reason to know, or should know would reasonably affect the principal's judgment unless the principal has manifested that such facts are already known by the principal *or that the principal does not wish to know them* - (1)(b) (b) the principal's consent concerns either a specific act or transaction, or acts or transactions of *a spe**cified type that could reasonably be expected to occur* in the ordinary course of the agency relationship. When Alice is informed about a particular transaction by the agent (in UMA this means that Alice is alerted to the specific RqP, Client, and Scopes) the situation is clear because Alice is more or less in the authorization loop. I would not use consent to describe this kind of transparency but IANAL. Under what circumstances can the Agent be less transparent? Regardless of our creativity in adding modifiers like "dynamic" to consent, the key points are underlined by me as - A positive statement by Alice that she doesn't want to be notified, or - A "specified type that could reasonably be expected to occur". I propose that the only way to get closure on this topic is by focusing on these two issues when Alice is signing a contract with an AS as a separate entity. The burden is on the ASO to adequately describe to Alice the specifications of the transactions that she will not be notified about and that are reasonably expected to occur. Alice would then use these descriptions in court in case of dispute. Adrian -- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/