Differences
This page shows the differences between two versions.
de:shibidp3consent_dsgvo_attribute_release [2019/01/21 16:50] – Wolfgang Pempe | de:shibidp3consent_dsgvo_attribute_release [2021/05/03 14:59] – ↷ Links adjusted because pages were moved in the wiki Silke Meyer | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ||
- | **[[de:shibidp3consent_dsgvo|Zurück zur Hauptseite]]** | + | **[[de:shibidp: |
**Anmerkungen: | **Anmerkungen: | ||
* Die hier aufgelisteten Varianten beziehen sich auf die Lösungsmodelle aus der Präsentation [[https:// | * Die hier aufgelisteten Varianten beziehen sich auf die Lösungsmodelle aus der Präsentation [[https:// | ||
- | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | + | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de:shibidp: |
- | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | + | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de:shibidp: |
- | ===== Variante 1: Einwilligung | + | ===== Variante 1: Einwilligung |
+ | **Freiwilligkeit, | ||
+ | ==== Shib IdP 4.0.x ==== | ||
<file xml ./ | <file xml ./ | ||
## | ## | ||
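Review bot: The new `==== Shib IdP 4.0.x ====` subheading is added to a page whose ID is still `de:shibidp3consent_dsgvo_attribute_release`, and nothing in this hunk says whether the template underneath still applies to 3.x installations. Add one sentence under the heading stating which IdP versions the template was written for, so readers can tell whether it matches their installation before copying it.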
Zeile 18: | Zeile 20: | ||
## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
## attributeDisplayNameFunction - function to display attribute name | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
## consentContext - context representing the state of a consent flow | ## consentContext - context representing the state of a consent flow | ||
## encoder - HTMLEncoder class | ## encoder - HTMLEncoder class | ||
Zeile 34: | Zeile 37: | ||
#set ($rpOrganizationLogo = $rpUIContext.getLogo()) | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
## | ## | ||
< | < | ||
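Review bot: `#set ($replaceDollarWithNewline = true)` is switched on for every attribute value with no `##` comment explaining why. Add a comment naming the values it is meant for (LDAP postal-address style values use `$` as a line separator), because with the flag set globally any other value that contains `$` is also affected on the consent page.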
Zeile 45: | Zeile 49: | ||
< | < | ||
<form action=" | <form action=" | ||
+ | # | ||
<div class=" | <div class=" | ||
< | < | ||
Zeile 52: | Zeile 57: | ||
#end | #end | ||
</ | </ | ||
- | <br clear=" | + | |
#if ($serviceName) | #if ($serviceName) | ||
<p style=" | <p style=" | ||
Zeile 89: | Zeile 94: | ||
<td> | <td> | ||
#foreach ($value in $attribute.values) | #foreach ($value in $attribute.values) | ||
- | <strong> | + | |
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for=" | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
<br> | <br> | ||
#end | #end | ||
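Review bot: The two lines that print the value, after `#if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)` and after its `#else`, are cut off in this rendering, so it cannot be checked here that they emit `$encodedValue` rather than the raw `$value.getDisplayValue()`. Please confirm this, since `$encoder.encodeForHTML(...)` is the only escaping step visible for attribute values. Encoding before `replaceAll` is the right order, but `replaceAll` takes a regular expression as its first argument and treats `$` and `\` specially in the replacement, so a `##` comment stating that both arguments are fixed strings would help the next editor.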
Zeile 121: | Zeile 135: | ||
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
- | # | + | |
</p> | </p> | ||
#end | #end | ||
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
- | # | + | |
</p> | </p> | ||
#end | #end | ||
Zeile 134: | Zeile 148: | ||
<p> | <p> | ||
<input id=" | <input id=" | ||
- | # | + | |
</p> | </p> | ||
#end | #end | ||
Zeile 142: | Zeile 156: | ||
#end | #end | ||
<p style=" | <p style=" | ||
- | | + | |
<a href=" | <a href=" | ||
- | | + | |
</p> | </p> | ||
</ | </ | ||
Zeile 150: | Zeile 164: | ||
</ | </ | ||
</ | </ | ||
- | </ | + | </ |
</ | </ | ||
- | ===== Variante 2: Notwendigkeit | + | ===== Variante 2: Notwendigkeit |
+ | **Durchführung des Beschäftigungsverhältnisses, | ||
+ | ==== Shib IdP 4.0.x ==== | ||
<file xml ./ | <file xml ./ | ||
## | ## | ||
Zeile 164: | Zeile 180: | ||
## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
## attributeDisplayNameFunction - function to display attribute name | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
## consentContext - context representing the state of a consent flow | ## consentContext - context representing the state of a consent flow | ||
## encoder - HTMLEncoder class | ## encoder - HTMLEncoder class | ||
Zeile 180: | Zeile 197: | ||
#set ($rpOrganizationLogo = $rpUIContext.getLogo()) | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
## | ## | ||
< | < | ||
Zeile 191: | Zeile 209: | ||
< | < | ||
<form action=" | <form action=" | ||
+ | # | ||
<div class=" | <div class=" | ||
< | < | ||
Zeile 235: | Zeile 254: | ||
<td> | <td> | ||
#foreach ($value in $attribute.values) | #foreach ($value in $attribute.values) | ||
- | <strong> | + | |
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for=" | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
<br> | <br> | ||
#end | #end | ||
Zeile 260: | Zeile 288: | ||
</p> | </p> | ||
#end | #end | ||
- | <p> | + | <div id=" |
- | <input id=" | + | |
- | # | + | |
- | </ | + | < |
- | <p> | + | </ |
- | <input id=" | + | |
- | # | + | |
+ | <input id=" | ||
+ | < | ||
+ | </ | ||
+ | |||
+ | <div style=" | ||
+ | < | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
+ | <p style=" | ||
+ | <input type=" | ||
</p> | </p> | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
- | | + | ===== Variante 3: " |
- | < | + | **Kein Zwang, aber Interesse der Einrichtung an Nutzung des Dienstes, Art. 6 Abs. 1 lit. e (in Verbindung mit spezieller Erlaubnisnorm) oder lit. f. Widerspruchsrecht nach Art. 21 Abs. 1** |
- | | + | |
- | </b></p> | + | ==== Shib IdP 4.0.x ==== |
+ | <file xml ./ | ||
+ | ## | ||
+ | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
+ | ## | ||
+ | ## Velocity context will contain the following properties : | ||
+ | ## | ||
+ | ## attributeReleaseContext - context holding consentable attributes | ||
+ | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
+ | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
+ | ## consentContext - context representing the state of a consent flow | ||
+ | ## encoder - HTMLEncoder class | ||
+ | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
+ | ## flowExecutionUrl - form action location | ||
+ | ## flowRequestContext - Spring Web Flow RequestContext | ||
+ | ## profileRequestContext - OpenSAML profile request context | ||
+ | ## request - HttpServletRequest | ||
+ | ## response - HttpServletResponse | ||
+ | ## rpUIContext - context with SP UI information from the metadata | ||
+ | ## environment - Spring Environment object for property resolution | ||
+ | #set ($serviceName = $rpUIContext.serviceName) | ||
+ | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
+ | #set ($informationURL = $rpUIContext.informationURL) | ||
+ | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
+ | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
+ | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
+ | ## | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <meta charset=" | ||
+ | <meta name=" | ||
+ | <link rel=" | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | <form action=" | ||
+ | # | ||
+ | | ||
+ | < | ||
+ | <img src=" | ||
+ | #if ($rpOrganizationLogo) | ||
+ | <img src=" | ||
+ | #end | ||
+ | </ | ||
+ | < | ||
+ | #if ($serviceName) | ||
+ | <p style=" | ||
+ | # | ||
+ | <span class=" | ||
+ | #if ($rpOrganizationName) | ||
+ | # | ||
+ | #end | ||
+ | </p> | ||
+ | #end | ||
+ | #if ($serviceDescription) | ||
+ | | ||
+ | # | ||
+ | <span class=" | ||
+ | < | ||
+ | </ | ||
+ | #end | ||
+ | #if ($informationURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </ | ||
+ | #end | ||
+ | <div id=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <th colspan=" | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | #foreach ($value in $attribute.values) | ||
+ | #if ($replaceDollarWithNewline) | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for="$attribute.id">< | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
+ | < | ||
+ | #end | ||
+ | </ | ||
+ | <td style=" | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | #set ($inputType = " | ||
+ | #else | ||
+ | #set ($inputType = " | ||
+ | #end | ||
+ | <input id=" | ||
+ | | ||
+ | | ||
+ | #end | ||
+ | < | ||
+ | <td colspan=" | ||
+ | </ | ||
+ | </ | ||
+ | </table> | ||
</ | </ | ||
+ | #if ($privacyStatementURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </p> | ||
+ | #end | ||
+ | <div id=" | ||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </p> | ||
+ | | ||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </p> | ||
+ | | ||
+ | <div style=" | ||
+ | < | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
<p style=" | <p style=" | ||
- | <input type=" | + | <input type=" |
</p> | </p> | ||
</ | </ | ||
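Review bot: The added Variante 3 block repeats the full header comment, the `#set` preamble and the attribute table of the other two variants, from `## Velocity Template for DisplayAttributeReleasePage view-state` down to the `#foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values())` loop. Three full copies will drift apart when the underlying template changes. Either mark with `##` comments the lines in which each variant differs from the others, or state at the top of each copy which template it was derived from. Separately, `<label for="$attribute.id">` writes the attribute id into markup unencoded while the values go through `$encoder.encodeForHTML`; a short comment that ids come only from the IdP's own configuration would make that difference deliberate.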
Zeile 281: | Zeile 458: | ||
</ | </ | ||
</ | </ | ||
+ | </ | ||
</ | </ | ||
+ | |||
+ | {{tag> |