Pros and cons of various Consent storage methods

[Cantor, Scott]

> Can anyone speak to the pros and cons of each of the three methods for storing
> the consent records (client-storage, memcached, database)? What are people
> using and what experiences have you had?

I would think "real" use of consent means having a database, non-persistent consent doesn't really make much sense. Memcache doesn't seem relevant to this feature at all. That renders consent a non-starter to me, but that's for others to say. I won't put a database behind my IdP sooner than a day from my retirement.

The point of client-side is that it's possible to do terms-of-user style "blanket" approvals via the basic feature design that could be used as a per-device "remember my choice" sort of thing that is at least a form of consent but doesn't need a database. I was planning to do something like that at OSU for FERPA overrides but our registrar overruled me and we left it at nothing, we just block release. Not my call, but I think it would have worked reasonably.

Using it for "full" consent is more a toy and a way to test out the feature than a practical idea. It is a feat of technical engineering that I made it work with no impact on the code at all and I'm pleased that it did, but it isn't practical.

-- Scott