Currently with idp.consent.storageRecordLifetime the consent lifetime is set at creation time. This leads to a situation where consent is asked again even if you are using the service daily and nothing with your released attributes has changed.
An additional property that controls updating this best-before date for a consent record would be useful. When it is set the best-before date on a consent record is updated on every login to extend the lifetime as if the consent record was created at that point in time. This would change the behaviour to no new consent being asked if the service is actively used.
With this new setting the upgrade path to using consent storage record lifetimes should be easy: just setting a record lifetime and enabling the (new) setting that refreshes the lifetime every time the user logs in to said service.
Due to the nature of the laws about storing information about users and all that the actual data would also have to be gone from the (sql) storage in a somewhat timely manner. Somewhat timely can be long (days or even weeks) as long as it is defined somehow. AFAIK there is no contract on that detail of implementation of a storage service.
Currently with idp.consent.storageRecordLifetime the consent lifetime is set at creation time. This leads to a situation where consent is asked again even if you are using the service daily and nothing with your released attributes has changed.
An additional property that controls updating this best-before date for a consent record would be useful. When it is set the best-before date on a consent record is updated on every login to extend the lifetime as if the consent record was created at that point in time. This would change the behaviour to no new consent being asked if the service is actively used.
With this new setting the upgrade path to using consent storage record lifetimes should be easy: just setting a record lifetime and enabling the (new) setting that refreshes the lifetime every time the user logs in to said service.
Due to the nature of the laws about storing information about users and all that the actual data would also have to be gone from the (sql) storage in a somewhat timely manner. Somewhat timely can be long (days or even weeks) as long as it is defined somehow. AFAIK there is no contract on that detail of implementation of a storage service.