====== Example of an EU GDPR-compliant configuration of the User Consent module - Attribute Release Templates ======

**[[de:shibidp:config-consent-dsgvo_shib-idp_4.0.x|Back to the main page]]**

**Notes:**

  * The variants listed here refer to the solution models from the presentation [[https://download.aai.dfn.de/praesentationen/betriebstagungen/69/BT69_AAI_DS-AAI-Verfahren_Strobel_Moerike.pdf|"Datenschutzrechtliche Analyse das AAI-Verfahrens"]] ("Data protection analysis of the AAI procedure") given at the 69th DFN-Betriebstagung.
  * If further solution models are to be implemented in addition to variant 1, specific interceptor flows must be defined. See the [[de:shibidp:config-consent-dsgvo_shib-idp_4.0.x|main page]].
  * The examples below require correspondingly adapted message properties. See the [[de:shibidp:config-consent-dsgvo_shib-idp_4.0.x|main page]].

===== Variant 1: Consent =====

**Voluntariness, Art. 6 para. 1 lit. a**

==== Shib IdP 4.0.x ====

<code>
##
## Velocity Template for DisplayAttributeReleasePage view-state
##
## Velocity context will contain the following properties :
##
## attributeReleaseContext - context holding consentable attributes
## attributeReleaseFlowDescriptor - attribute consent flow descriptor
## attributeDisplayNameFunction - function to display attribute name
## attributeDisplayDescriptionFunction - function to display attribute description
## consentContext - context representing the state of a consent flow
## encoder - HTMLEncoder class
## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
## flowExecutionUrl - form action location
## flowRequestContext - Spring Web Flow RequestContext
## profileRequestContext - OpenSAML profile request context
## request - HttpServletRequest
## response - HttpServletResponse
## rpUIContext - context with SP UI information from the metadata
## environment - Spring Environment object for property resolution
#set ($serviceName = $rpUIContext.serviceName)
#set ($serviceDescription = $rpUIContext.serviceDescription)
#set ($informationURL = $rpUIContext.informationURL)
#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
#set ($rpOrganizationLogo = $rpUIContext.getLogo())
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName)
#set ($replaceDollarWithNewline = true)
##
#springMessageText("idp.attribute-release.title", "Information Release")
#parse("csrf/csrf.vm")
#if ($rpOrganizationLogo)
#end
#if ($serviceName)
    #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
    $serviceName
    #if ($rpOrganizationName)
        #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName)
    #end
#end
#if ($serviceDescription)
    #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
    $encoder.encodeForHTML($serviceDescription)
#end
#if ($informationURL)
    #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")
#end
#springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service")
#foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values())
    $encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))
    #foreach ($value in $attribute.values)
        #if ($replaceDollarWithNewline)
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),""))
        #else
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))
        #end
        #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
            $encodedValue
        #else
            $encodedValue
        #end
    #end
    #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
        #set ($inputType = "checkbox")
    #else
        #set ($inputType = "hidden")
    #end
#end
#springMessageText("idp.attribute-release.name_ids", "Furthermore, a transient or persistent Id will be released")
#if ($privacyStatementURL)
    #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")
#end
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
    #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:")
#end
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed)
    #springMessageText("idp.attribute-release.doNotRememberConsent", "Ask me again at next login")
#end
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
    #springMessageText("idp.attribute-release.rememberConsent", "Ask me again if information changes")
#end
#if ($attributeReleaseFlowDescriptor.globalConsentAllowed)
    #springMessageText("idp.attribute-release.globalConsent", "Do not ask me again")
#end
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
    #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.")
#end
#springMessageText("idp.attribute-release.print_page", "Print Page")
</code>

===== Variant 2: Necessity =====

**Performance of the employment relationship, Art. 88 in conjunction with § 26 BDSG (new)**

==== Shib IdP 4.0.x ====

<code>
##
## Velocity Template for DisplayAttributeReleasePage view-state
##
## Velocity context will contain the following properties :
##
## attributeReleaseContext - context holding consentable attributes
## attributeReleaseFlowDescriptor - attribute consent flow descriptor
## attributeDisplayNameFunction - function to display attribute name
## attributeDisplayDescriptionFunction - function to display attribute description
## consentContext - context representing the state of a consent flow
## encoder - HTMLEncoder class
## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
## flowExecutionUrl - form action location
## flowRequestContext - Spring Web Flow RequestContext
## profileRequestContext - OpenSAML profile request context
## request - HttpServletRequest
## response - HttpServletResponse
## rpUIContext - context with SP UI information from the metadata
## environment - Spring Environment object for property resolution
#set ($serviceName = $rpUIContext.serviceName)
#set ($serviceDescription = $rpUIContext.serviceDescription)
#set ($informationURL = $rpUIContext.informationURL)
#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
#set ($rpOrganizationLogo = $rpUIContext.getLogo())
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName)
#set ($replaceDollarWithNewline = true)
##
#springMessageText("idp.attribute-release.title", "Information Release")
#parse("csrf/csrf.vm")
#if ($rpOrganizationLogo)
#end
#if ($serviceName)
    #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
    $serviceName
    #if ($rpOrganizationName)
        #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName)
    #end
#end
#if ($serviceDescription)
    #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
    $encoder.encodeForHTML($serviceDescription)
#end
#if ($informationURL)
    #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")
#end
#springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service")
#foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values())
    $encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))
    #foreach ($value in $attribute.values)
        #if ($replaceDollarWithNewline)
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),""))
        #else
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))
        #end
        #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
            $encodedValue
        #else
            $encodedValue
        #end
    #end
    #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
        #set ($inputType = "checkbox")
    #else
        #set ($inputType = "hidden")
    #end
#end
#springMessageText("idp.attribute-release.name_ids", "Furthermore, a transient or persistent Id will be released")
#if ($privacyStatementURL)
    #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")
#end
#springMessageText("idp.attribute-must.doNotRememberConsent", "Ask me again at next login")
#springMessageText("idp.attribute-must.rememberConsent", "Ask me again if information changes")
#springMessageText("idp.attribute-must.information", "Honestly, you have no choice...")
</code>

===== Variant 3: "Useful services" =====

**No compulsion, but the institution has an interest in the service being used, Art. 6 para. 1 lit. e (in conjunction with a specific permission provision) or lit. f. Right to object under Art. 21 para. 1**

==== Shib IdP 4.0.x ====

<code>
##
## Velocity Template for DisplayAttributeReleasePage view-state
##
## Velocity context will contain the following properties :
##
## attributeReleaseContext - context holding consentable attributes
## attributeReleaseFlowDescriptor - attribute consent flow descriptor
## attributeDisplayNameFunction - function to display attribute name
## attributeDisplayDescriptionFunction - function to display attribute description
## consentContext - context representing the state of a consent flow
## encoder - HTMLEncoder class
## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
## flowExecutionUrl - form action location
## flowRequestContext - Spring Web Flow RequestContext
## profileRequestContext - OpenSAML profile request context
## request - HttpServletRequest
## response - HttpServletResponse
## rpUIContext - context with SP UI information from the metadata
## environment - Spring Environment object for property resolution
#set ($serviceName = $rpUIContext.serviceName)
#set ($serviceDescription = $rpUIContext.serviceDescription)
#set ($informationURL = $rpUIContext.informationURL)
#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
#set ($rpOrganizationLogo = $rpUIContext.getLogo())
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName)
#set ($replaceDollarWithNewline = true)
##
#springMessageText("idp.attribute-release.title", "Information Release")
#parse("csrf/csrf.vm")
#if ($rpOrganizationLogo)
#end
#if ($serviceName)
    #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
    $serviceName
    #if ($rpOrganizationName)
        #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName)
    #end
#end
#if ($serviceDescription)
    #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
    $encoder.encodeForHTML($serviceDescription)
#end
#if ($informationURL)
    #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")
#end
#springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service")
#foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values())
    $encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))
    #foreach ($value in $attribute.values)
        #if ($replaceDollarWithNewline)
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),""))
        #else
            #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))
        #end
        #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
            $encodedValue
        #else
            $encodedValue
        #end
    #end
    #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
        #set ($inputType = "checkbox")
    #else
        #set ($inputType = "hidden")
    #end
#end
#springMessageText("idp.attribute-release.name_ids", "Furthermore, a transient or persistent Id will be released")
#if ($privacyStatementURL)
    #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")
#end
#springMessageText("idp.attribute-info.doNotRememberConsent", "Ask me again at next login")
#springMessageText("idp.attribute-info.rememberConsent", "Ask me again if information changes")
#springMessageText("idp.attribute-info.information", "Honestly, you have no choice...")
</code>

{{tag>idp4 fixme}}