Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
|
de:shibidp3consent_dsgvo_attribute_release [2019/01/21 16:18] Wolfgang Pempe |
de:shibidp3consent_dsgvo_attribute_release [2019/01/21 16:57] (aktuell) Wolfgang Pempe |
||
|---|---|---|---|
| Zeile 2: | Zeile 2: | ||
| **[[de:shibidp3consent_dsgvo|Zurück zur Hauptseite]]** | **[[de:shibidp3consent_dsgvo|Zurück zur Hauptseite]]** | ||
| - | **NB:** Die hier aufgelisteten Varianten beziehen sich auf die Szenarien aus der Präsentation [[https://www.dfn.de/fileadmin/3Beratung/Betriebstagungen/bt69/BT69_AAI_DS-AAI-Verfahren_Strobel_Moerike.pdf|"Datenschutzrechtliche Analyse das AAI-Verfahrens"]] von der [[https://www.dfn.de/veranstaltungen/bt/vortraege/69-betriebstagung-2509-bis-26092018/|69. DFN-Betriebstagung]]. | + | **Anmerkungen:** |
| + | * Die hier aufgelisteten Varianten beziehen sich auf die Lösungsmodelle aus der Präsentation [[https://www.dfn.de/fileadmin/3Beratung/Betriebstagungen/bt69/BT69_AAI_DS-AAI-Verfahren_Strobel_Moerike.pdf|"Datenschutzrechtliche Analyse das AAI-Verfahrens"]] von der [[https://www.dfn.de/veranstaltungen/bt/vortraege/69-betriebstagung-2509-bis-26092018/|69. DFN-Betriebstagung]]. | ||
| + | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | ||
| + | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | ||
| - | Variante 1*: | + | ===== Variante 1: Einwilligung ===== |
| + | **Freiwilligkeit, Art. 6 Abs. 1 lit. a** | ||
| <file xml ./views/intercept/attribute-release.vm> | <file xml ./views/intercept/attribute-release.vm> | ||
| Zeile 142: | Zeile 146: | ||
| <a href="javascript:window.print()">#springMessageText("idp.attribute-release.print_page", "Print Page")</a> | <a href="javascript:window.print()">#springMessageText("idp.attribute-release.print_page", "Print Page")</a> | ||
| <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.attribute-release.accept", "Accept")"> | <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.attribute-release.accept", "Accept")"> | ||
| + | </p> | ||
| + | </div> | ||
| + | </div> | ||
| + | </form> | ||
| + | </body> | ||
| + | </html> | ||
| + | </file> | ||
| + | |||
| + | ===== Variante 2: Notwendigkeit ===== | ||
| + | **Durchführung des Beschäftigungsverhältnisses, Art. 88 in Verbindung mit § 26 BDSG (neu)** | ||
| + | |||
| + | <file xml ./views/intercept/attribute-must.vm> | ||
| + | ## | ||
| + | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
| + | ## | ||
| + | ## Velocity context will contain the following properties : | ||
| + | ## | ||
| + | ## attributeReleaseContext - context holding consentable attributes | ||
| + | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
| + | ## attributeDisplayNameFunction - function to display attribute name | ||
| + | ## consentContext - context representing the state of a consent flow | ||
| + | ## encoder - HTMLEncoder class | ||
| + | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
| + | ## flowExecutionUrl - form action location | ||
| + | ## flowRequestContext - Spring Web Flow RequestContext | ||
| + | ## profileRequestContext - OpenSAML profile request context | ||
| + | ## request - HttpServletRequest | ||
| + | ## response - HttpServletResponse | ||
| + | ## rpUIContext - context with SP UI information from the metadata | ||
| + | ## environment - Spring Environment object for property resolution | ||
| + | #set ($serviceName = $rpUIContext.serviceName) | ||
| + | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
| + | #set ($informationURL = $rpUIContext.informationURL) | ||
| + | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
| + | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
| + | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
| + | ## | ||
| + | <!DOCTYPE html> | ||
| + | <html> | ||
| + | <head> | ||
| + | <meta charset="UTF-8"> | ||
| + | <meta name="viewport" content="width=device-width,initial-scale=1.0"> | ||
| + | <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/consent.css"> | ||
| + | <title>#springMessageText("idp.attribute-release.title", "Information Release")</title> | ||
| + | </head> | ||
| + | <body> | ||
| + | <form action="$flowExecutionUrl" method="post" style="padding:10px" > | ||
| + | <div class="box"> | ||
| + | <header> | ||
| + | <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")" class="federation_logo"> | ||
| + | #if ($rpOrganizationLogo) | ||
| + | <img src="$encoder.encodeForHTMLAttribute($rpOrganizationLogo)" alt="logo for $encoder.encodeForHTMLAttribute($serviceName)" class="organization_logo"> | ||
| + | #end | ||
| + | </header> | ||
| + | <br clear="all"/> | ||
| + | #if ($serviceName) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")<br> | ||
| + | <span class="service_name">$serviceName</span> | ||
| + | #if ($rpOrganizationName) | ||
| + | #springMessageText("idp.attribute-release.of", "of") <span class="organization_name">$encoder.encodeForHTML($rpOrganizationName)</span> | ||
| + | #end | ||
| + | </p> | ||
| + | #end | ||
| + | #if ($serviceDescription) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")<br> | ||
| + | <span class="service_description">$encoder.encodeForHTML($serviceDescription)</span> | ||
| + | <br> | ||
| + | </p> | ||
| + | #end | ||
| + | #if ($informationURL) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | <a href="$informationURL">#springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")</a> | ||
| + | </p> | ||
| + | #end | ||
| + | <div id="attributeRelease"> | ||
| + | <table> | ||
| + | <thead> | ||
| + | <tr> | ||
| + | <th colspan="3"> | ||
| + | #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") | ||
| + | </th> | ||
| + | </tr> | ||
| + | </thead> | ||
| + | <tbody> | ||
| + | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
| + | <tr> | ||
| + | <td>$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))</td> | ||
| + | <td> | ||
| + | #foreach ($value in $attribute.values) | ||
| + | <strong>$encoder.encodeForHTML($value.getDisplayValue())</strong> | ||
| + | <br> | ||
| + | #end | ||
| + | </td> | ||
| + | <td style="vertical-align: top"> | ||
| + | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
| + | #set ($inputType = "checkbox") | ||
| + | #else | ||
| + | #set ($inputType = "hidden") | ||
| + | #end | ||
| + | <input id="$attribute.id" type="$inputType" name="_shib_idp_consentIds" value="$encoder.encodeForHTML($attribute.id)" checked> | ||
| + | </td> | ||
| + | </tr> | ||
| + | #end | ||
| + | <tr> | ||
| + | <td colspan="3">#springMessageText("idp.attribute-release.name_ids", "Furthermore, a transient or persistent Id will be released")</td> | ||
| + | </tr> | ||
| + | </tbody> | ||
| + | </table> | ||
| + | </div> | ||
| + | #if ($privacyStatementURL) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | <a href="$privacyStatementURL">#springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")</a> | ||
| + | </p> | ||
| + | #end | ||
| + | <p> | ||
| + | <input id="_shib_idp_doNotRememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_doNotRememberConsent"> | ||
| + | #springMessageText("idp.attribute-must.doNotRememberConsent", "Ask me again at next login") | ||
| + | </p> | ||
| + | <p> | ||
| + | <input id="_shib_idp_rememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_rememberConsent" checked> | ||
| + | #springMessageText("idp.attribute-must.rememberConsent", "Ask me again if information changes") | ||
| + | </p> | ||
| + | |||
| + | <div style="float:left;"> | ||
| + | <p><b> | ||
| + | #springMessageText("idp.attribute-must.information", "Honestly, you have no choice...") | ||
| + | </b></p> | ||
| + | </div> | ||
| + | <p style="text-align: center;"> | ||
| + | <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.attribute-must.accept", "OK")"> | ||
| + | </p> | ||
| + | </div> | ||
| + | </div> | ||
| + | </form> | ||
| + | </body> | ||
| + | </html> | ||
| + | </file> | ||
| + | |||
| + | ===== Variante 3: "Nützliche Dienste" ===== | ||
| + | **Kein Zwang, aber Interesse der Einrichtung an Nutzung des Dienstes, Art. 6 Abs. 1 lit. e (in Verbindung mit spezieller Erlaubnisnorm) oder lit. f. Widerspruchsrecht nach Art. 21 Abs. 1** | ||
| + | |||
| + | <file xml ./views/intercept/attribute-info.vm> | ||
| + | ## | ||
| + | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
| + | ## | ||
| + | ## Velocity context will contain the following properties : | ||
| + | ## | ||
| + | ## attributeReleaseContext - context holding consentable attributes | ||
| + | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
| + | ## attributeDisplayNameFunction - function to display attribute name | ||
| + | ## consentContext - context representing the state of a consent flow | ||
| + | ## encoder - HTMLEncoder class | ||
| + | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
| + | ## flowExecutionUrl - form action location | ||
| + | ## flowRequestContext - Spring Web Flow RequestContext | ||
| + | ## profileRequestContext - OpenSAML profile request context | ||
| + | ## request - HttpServletRequest | ||
| + | ## response - HttpServletResponse | ||
| + | ## rpUIContext - context with SP UI information from the metadata | ||
| + | ## environment - Spring Environment object for property resolution | ||
| + | #set ($serviceName = $rpUIContext.serviceName) | ||
| + | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
| + | #set ($informationURL = $rpUIContext.informationURL) | ||
| + | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
| + | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
| + | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
| + | ## | ||
| + | <!DOCTYPE html> | ||
| + | <html> | ||
| + | <head> | ||
| + | <meta charset="UTF-8"> | ||
| + | <meta name="viewport" content="width=device-width,initial-scale=1.0"> | ||
| + | <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/consent.css"> | ||
| + | <title>#springMessageText("idp.attribute-release.title", "Information Release")</title> | ||
| + | </head> | ||
| + | <body> | ||
| + | <form action="$flowExecutionUrl" method="post" style="padding:10px" > | ||
| + | <div class="box"> | ||
| + | <header> | ||
| + | <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")" class="federation_logo"> | ||
| + | #if ($rpOrganizationLogo) | ||
| + | <img src="$encoder.encodeForHTMLAttribute($rpOrganizationLogo)" alt="logo for $encoder.encodeForHTMLAttribute($serviceName)" class="organization_logo"> | ||
| + | #end | ||
| + | </header> | ||
| + | <br clear="all"/> | ||
| + | #if ($serviceName) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")<br> | ||
| + | <span class="service_name">$serviceName</span> | ||
| + | #if ($rpOrganizationName) | ||
| + | #springMessageText("idp.attribute-release.of", "of") <span class="organization_name">$encoder.encodeForHTML($rpOrganizationName)</span> | ||
| + | #end | ||
| + | </p> | ||
| + | #end | ||
| + | #if ($serviceDescription) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")<br> | ||
| + | <span class="service_description">$encoder.encodeForHTML($serviceDescription)</span> | ||
| + | <br> | ||
| + | </p> | ||
| + | #end | ||
| + | #if ($informationURL) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | <a href="$informationURL">#springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")</a> | ||
| + | </p> | ||
| + | #end | ||
| + | <div id="attributeRelease"> | ||
| + | <table> | ||
| + | <thead> | ||
| + | <tr> | ||
| + | <th colspan="3"> | ||
| + | #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") | ||
| + | </th> | ||
| + | </tr> | ||
| + | </thead> | ||
| + | <tbody> | ||
| + | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
| + | <tr> | ||
| + | <td>$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))</td> | ||
| + | <td> | ||
| + | #foreach ($value in $attribute.values) | ||
| + | <strong>$encoder.encodeForHTML($value.getDisplayValue())</strong> | ||
| + | <br> | ||
| + | #end | ||
| + | </td> | ||
| + | <td style="vertical-align: top"> | ||
| + | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
| + | #set ($inputType = "checkbox") | ||
| + | #else | ||
| + | #set ($inputType = "hidden") | ||
| + | #end | ||
| + | <input id="$attribute.id" type="$inputType" name="_shib_idp_consentIds" value="$encoder.encodeForHTML($attribute.id)" checked> | ||
| + | </td> | ||
| + | </tr> | ||
| + | #end | ||
| + | <tr> | ||
| + | <td colspan="3">#springMessageText("idp.attribute-release.name_ids", "Furthermore, a transient or persistent Id will be released")</td> | ||
| + | </tr> | ||
| + | </tbody> | ||
| + | </table> | ||
| + | </div> | ||
| + | #if ($privacyStatementURL) | ||
| + | <p style="margin-top: 10px;"> | ||
| + | <a href="$privacyStatementURL">#springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")</a> | ||
| + | </p> | ||
| + | #end | ||
| + | <p> | ||
| + | <input id="_shib_idp_doNotRememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_doNotRememberConsent"> | ||
| + | #springMessageText("idp.attribute-info.doNotRememberConsent", "Ask me again at next login") | ||
| + | </p> | ||
| + | <p> | ||
| + | <input id="_shib_idp_rememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_rememberConsent" checked> | ||
| + | #springMessageText("idp.attribute-info.rememberConsent", "Ask me again if information changes") | ||
| + | </p> | ||
| + | |||
| + | <div style="float:left;"> | ||
| + | <p><b> | ||
| + | #springMessageText("idp.attribute-info.information", "Honestly, you have no choice...") | ||
| + | </b></p> | ||
| + | </div> | ||
| + | <p style="text-align: center;"> | ||
| + | <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.attribute-info.accept", "OK")"> | ||
| </p> | </p> | ||
| </div> | </div> | ||
- Zuletzt geändert: vor 9 Monaten