User consent flow is a feature introduced by Bosch IoT Rollouts to help customers roll out software updates to their managed devices in compliance with the European Directive on contracts for the supply of digital content and digital services. The requirements of the Directive apply to all devices sold from January 1st, 2021 onward.

Some highlights of the directive are that a trader, i.e., in our scenario, the one who sells a device to an end user of the device (consumer), is obliged to ensure that the consumer is informed of and supplied with updates, including security updates, that are necessary to keep the digital content or digital service in conformity with their contract. The consumer must be informed of upcoming modifications in a clear and comprehensible manner. Furthermore, the consumer must be informed of the update's availability and the consequences of not installing it.

In particular, the end user of a device must be asked to confirm each software update, and the person responsible for obtaining that confirmation is the one who sells the device.

Thus, the update can be rolled out only after the end user has explicitly agreed to its installation.

The given consent does not have to be persisted or auditable; however, the update process must ensure that the consent has been requested.

As Bosch IoT Rollouts is not an end-user-facing service, it is not responsible for ensuring that its customers comply with the requirements described above. However, by introducing the user consent flow feature, Bosch IoT Rollouts enables its customers to become compliant in a timely and efficient manner.

There are important things to consider before activating this feature, which are described below on this page.

Overview

By default, when a distribution set is assigned to a target, Bosch IoT Rollouts exposes the artifacts or binaries to the respective targets via APIs. The devices then download these artifacts and flash themselves to complete the update.

However, when the user consent flow feature is enabled for a particular tenant, Bosch IoT Rollouts introduces an interim step that requests the device's end user consent for a pending software update. Only after such consent is granted can the devices proceed to download the artifacts and complete the update.

The feature can be enabled or disabled at any time via both the Bosch IoT Rollouts UI and the Management API at tenant level.

Once enabled, the feature offers two scenarios:

  • Confirmation required at the assignment/rollout level
  • Auto-confirmation at target level

Confirmation required

After the user consent flow feature is enabled at the tenant level, a confirmation-required option is required for every assignment of a distribution set to a target (manual or automatic) and for every rollout campaign at the rollout group level. This option is activated by default, meaning that confirmation of the end user of each device (target) will be awaited before proceeding with the download/install process. Until such confirmation is received, the action will stay in a WAIT_FOR_CONFIRMATION state (see Flow).

The confirmation required option is applicable per assignment (manual and automatic) and per rollout group. Therefore, it should be explicitly activated/deactivated for each assignment and/or rollout group.

See how the process looks in:

Auto-confirmation

In contrast to confirmation required for every update, it is possible to confirm all future updates at the target level automatically.

Enabling auto-confirmation means the user gives consent to all future updates for the specific target and does not have to confirm each one separately.

Learn how to enable and disable the auto-confirmation feature:

Flow

Once the user consent flow feature is enabled for the tenant, a new state (WAIT_FOR_CONFIRMATION) is introduced in the action state machine.

Read more about it at Action state machine.


Even if the user consent flow feature is enabled for the tenant, the required confirmation can be explicitly deactivated for an assignment or rollout group

In that case, the action state machine treats the user's consent as granted and transitions directly from the wait-for-confirmation state to the running state. 

Things to consider before enabling the feature

You can enable and enforce the user consent flow feature on your tenant with just a couple of clicks, but before you do that, please consider the following changes that in such a case will affect any future updates: 

  • As the payload will change, the device needs to be aware of what to expect. 
  • Your devices need to be ready to respond to such a new consent-requesting logic.
  • Depending on which API you are using, refer to the corresponding pages to see the new messages, states, etc.:
  • Normally, when an assignment or rollout is started via the DDI API, the payload includes a deployment base link to indicate to a device (when polling) that there is a pending action (update). If the user consent flow feature is activated, instead of a deployment base, the payload exposes a confirmation base. 
  • On the other hand, when the DMF API is used and the user consent flow feature is activated, Bosch IoT Rollouts sends an additional message to the device to initialize a confirmation task. The message topic is CONFIRM, which signals the wait-for-confirmation state. The device responds via the UPDATE_ACTION_STATUS message with either CONFIRMED or DENIED.