Does user consent to specific data being shared?

[dj2]

During the sign-up algorithm the user consents to creating an account. Does this consent form show what data is being shared (name, email, etc) or is it a general consent?

Does the user get notified what data will be shared?

[samuelgoto]

During the sign-up algorithm the user consents to creating an account. Does this consent form show what data is being shared (name, email, etc) or is it a general consent?

The spec leaves that open for each user agent to form an opinion on how to transparently explain that to a user.

I personally like the analogy of the "TLS certificate inspector" that chromium has, which gives a "high level explanation" but also has the ability for the user to see the entirety of the data, but again, I think each user agent should be left to decide how to serve their users better.

Does the user get notified what data will be shared?

[cbiesinger]

We now show the specific data being shared in the permissions prompt and w3c-fedid/custom-requests#4 will let RPs customize this, so I think we can close this.