User story
As a deployer, I want Edge Cookie creation gated by technical permissions that are established outside the core, so that the legal policy is mine to set and is not baked into Trusted Server.
Description
Replace the country-based allows_ec_creation check with a technical permission model that separates legal policy from the core. Each provider declares the permissions its data use requires, named by the IAB TCF Europe purpose set and used only as technical identifiers. No policy framework is implemented in the core. The core runs a provider only when every required permission is held. Whether a permission is held is established from the country a geo provider returns (keyed by ISO 3166-1) and from request signals. When no country is known, or the country and region match no rule, the deployer's configured default country applies. The model is source-agnostic, so a held permission can equally come from an interaction with the user that establishes a preference, or from data provided by another source. The EC Set-Cookie operation always requires store-on-device (purpose 1). A vendor-neutral provider requires nothing, so a default deployment needs no policy interaction at all.
Done when
- A technical permission model resolves held permissions, keyed by country or region. An unmatched request (no country, or no rule for the country and region) uses the deployer's configured default country. There must always be a default permission set, so startup fails when no default country is configured or it does not resolve to a known rule.
- A provider's required permissions are honored, and it runs only when all are held.
- The built-in HMAC provider declares store-on-device (purpose 1), and a neutral provider requires nothing.
consent::allows_ec_creation is removed, and its country-based gate tests are replaced by permission-model tests.- The permission vocabulary is the IAB TCF Europe purpose set used only as identifiers, with no policy framework in the core.
References
User story
As a deployer, I want Edge Cookie creation gated by technical permissions that are established outside the core, so that the legal policy is mine to set and is not baked into Trusted Server.
Description
Replace the country-based
allows_ec_creationcheck with a technical permission model that separates legal policy from the core. Each provider declares the permissions its data use requires, named by the IAB TCF Europe purpose set and used only as technical identifiers. No policy framework is implemented in the core. The core runs a provider only when every required permission is held. Whether a permission is held is established from the country a geo provider returns (keyed by ISO 3166-1) and from request signals. When no country is known, or the country and region match no rule, the deployer's configured default country applies. The model is source-agnostic, so a held permission can equally come from an interaction with the user that establishes a preference, or from data provided by another source. The EC Set-Cookie operation always requires store-on-device (purpose 1). A vendor-neutral provider requires nothing, so a default deployment needs no policy interaction at all.Done when
consent::allows_ec_creationis removed, and its country-based gate tests are replaced by permission-model tests.References