Scope & Limitations

Data sharing authorization feature covers the following components:

Consent Management

• Capture and record user authorization for each data-sharing request.

• Support fine-grained consent based on requestor type and data.

Data Sharing Flows

• Implement both SP to SP and Peer-to-Peer (SP to Person) data sharing flows.

• Validate and enforce the roles of Data Owner, Requestor, and Requestee.

Authentication & Security

• Leverage UAE Pass authentication for identity verification.

• Use encryption and HMAC for secure data transmission.

User Experience

• Provide users with visibility into requests and the ability to approve/decline.

• Display past sharing history and status of each request.

Integration

Integrate with external Service Providers (SPs) through secure APIs and channels.

Transaction history

• Maintain transaction history of all Data sharing transactions by a user.

Limitations

• As part of the UAE Pass Data Sharing Authorization feature, only Data in the form of Documents are supported. Data in the form of attributes or plain text is out of scope.

• In the case of SP-to-SP integration, UAE Pass is only responsible for integrating with each Data owner once. Integration with each Data Processer SP is the responsibility of the Data Owner SP

• Data authorization notification and approval functionality is only supported through the UAE Pass mobile App. The feature is not available in the UAE PASS portal.

• UAE Pass uses the mobile push notification mechanism to notify the user about any data sharing authorization request from the Data owner.

• Data Authorization feature is only available for UAE Pass users who have a SOP3 profile. It is not available for SOP1 and SOP2 profiles.

• Consent provided by the user using this feature is only limited to the Data Authorization request, SPs cannot use it for any other purpose.