Differences
This page shows the differences between two versions.
de:shibidp3consent_dsgvo_attribute_release [2020/11/19 19:20] – [Shib IdP 4.x] Wolfgang Pempe | de:shibidp3consent_dsgvo_attribute_release [2021/05/03 14:59] – ↷ Links adjusted because pages in the wiki were moved Silke Meyer | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ||
- | **[[de:shibidp3consent_dsgvo|Zurück zur Hauptseite]]** | + | **[[de:shibidp: |
**Anmerkungen: | **Anmerkungen: | ||
* Die hier aufgelisteten Varianten beziehen sich auf die Lösungsmodelle aus der Präsentation [[https:// | * Die hier aufgelisteten Varianten beziehen sich auf die Lösungsmodelle aus der Präsentation [[https:// | ||
- | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | + | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de:shibidp: |
- | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de:shibidp3consent_dsgvo|Hauptseite]]. | + | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de:shibidp: |
===== Variante 1: Einwilligung ===== | ===== Variante 1: Einwilligung ===== | ||
**Freiwilligkeit, | **Freiwilligkeit, | ||
- | ==== Shib IdP 3.x ==== | ||
- | <file xml ./ | ||
- | ## | ||
- | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
- | ## | ||
- | ## Velocity context will contain the following properties : | ||
- | ## | ||
- | ## attributeReleaseContext - context holding consentable attributes | ||
- | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
- | ## attributeDisplayNameFunction - function to display attribute name | ||
- | ## consentContext - context representing the state of a consent flow | ||
- | ## encoder - HTMLEncoder class | ||
- | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
- | ## flowExecutionUrl - form action location | ||
- | ## flowRequestContext - Spring Web Flow RequestContext | ||
- | ## profileRequestContext - OpenSAML profile request context | ||
- | ## request - HttpServletRequest | ||
- | ## response - HttpServletResponse | ||
- | ## rpUIContext - context with SP UI information from the metadata | ||
- | ## environment - Spring Environment object for property resolution | ||
- | #set ($serviceName = $rpUIContext.serviceName) | ||
- | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
- | #set ($informationURL = $rpUIContext.informationURL) | ||
- | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
- | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
- | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
- | ## | ||
- | < | ||
- | < | ||
- | < | ||
- | <meta charset=" | ||
- | <meta name=" | ||
- | <link rel=" | ||
- | < | ||
- | </ | ||
- | < | ||
- | <form action=" | ||
- | <div class=" | ||
- | < | ||
- | <img src=" | ||
- | #if ($rpOrganizationLogo) | ||
- | <img src=" | ||
- | #end | ||
- | </ | ||
- | < | ||
- | #if ($serviceName) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | #if ($rpOrganizationName) | ||
- | # | ||
- | #end | ||
- | </p> | ||
- | #end | ||
- | #if ($serviceDescription) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | <br> | ||
- | </p> | ||
- | #end | ||
- | #if ($informationURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <div id=" | ||
- | < | ||
- | < | ||
- | <tr> | ||
- | <th colspan=" | ||
- | # | ||
- | </th> | ||
- | </tr> | ||
- | </ | ||
- | < | ||
- | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
- | <tr> | ||
- | < | ||
- | <td> | ||
- | #foreach ($value in $attribute.values) | ||
- | < | ||
- | <br> | ||
- | #end | ||
- | </td> | ||
- | <td style=" | ||
- | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
- | #set ($inputType = " | ||
- | #else | ||
- | #set ($inputType = " | ||
- | #end | ||
- | <input id=" | ||
- | </td> | ||
- | </tr> | ||
- | #end | ||
- | <tr> | ||
- | <td colspan=" | ||
- | </tr> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | #if ($privacyStatementURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <div style=" | ||
- | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
- | <div id=" | ||
- | # | ||
- | #end | ||
- | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | #end | ||
- | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | #end | ||
- | #if ($attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | #end | ||
- | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
- | # | ||
- | </ | ||
- | #end | ||
- | <p style=" | ||
- | <input type=" | ||
- | <a href=" | ||
- | <input type=" | ||
- | </p> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | ==== Shib IdP 4.x ==== | + | ==== Shib IdP 4.0.x ==== |
<file xml ./ | <file xml ./ | ||
## | ## | ||
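Review bot: The deletion of the whole `==== Shib IdP 3.x ====` block under Variante 1 leaves no trace for operators who still run the 3.x template, and the summary shown for the newer revision mentions only adjusted links. Suggest keeping a one-line pointer under the Variante 1 heading that says the 3.x template was dropped and where the last revision containing it can be found, and mentioning the removal in the edit summary.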
Zeile 313: | Zeile 169: | ||
===== Variante 2: Notwendigkeit ===== | ===== Variante 2: Notwendigkeit ===== | ||
**Durchführung des Beschäftigungsverhältnisses, | **Durchführung des Beschäftigungsverhältnisses, | ||
- | ==== Shib IdP 3.x ==== | ||
- | <file xml ./ | ||
- | ## | ||
- | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
- | ## | ||
- | ## Velocity context will contain the following properties : | ||
- | ## | ||
- | ## attributeReleaseContext - context holding consentable attributes | ||
- | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
- | ## attributeDisplayNameFunction - function to display attribute name | ||
- | ## consentContext - context representing the state of a consent flow | ||
- | ## encoder - HTMLEncoder class | ||
- | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
- | ## flowExecutionUrl - form action location | ||
- | ## flowRequestContext - Spring Web Flow RequestContext | ||
- | ## profileRequestContext - OpenSAML profile request context | ||
- | ## request - HttpServletRequest | ||
- | ## response - HttpServletResponse | ||
- | ## rpUIContext - context with SP UI information from the metadata | ||
- | ## environment - Spring Environment object for property resolution | ||
- | #set ($serviceName = $rpUIContext.serviceName) | ||
- | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
- | #set ($informationURL = $rpUIContext.informationURL) | ||
- | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
- | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
- | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
- | ## | ||
- | < | ||
- | < | ||
- | < | ||
- | <meta charset=" | ||
- | <meta name=" | ||
- | <link rel=" | ||
- | < | ||
- | </ | ||
- | < | ||
- | <form action=" | ||
- | <div class=" | ||
- | < | ||
- | <img src=" | ||
- | #if ($rpOrganizationLogo) | ||
- | <img src=" | ||
- | #end | ||
- | </ | ||
- | < | ||
- | #if ($serviceName) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | #if ($rpOrganizationName) | ||
- | # | ||
- | #end | ||
- | </p> | ||
- | #end | ||
- | #if ($serviceDescription) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | <br> | ||
- | </p> | ||
- | #end | ||
- | #if ($informationURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <div id=" | ||
- | < | ||
- | < | ||
- | <tr> | ||
- | <th colspan=" | ||
- | # | ||
- | </th> | ||
- | </tr> | ||
- | </ | ||
- | < | ||
- | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
- | <tr> | ||
- | < | ||
- | <td> | ||
- | #foreach ($value in $attribute.values) | ||
- | < | ||
- | <br> | ||
- | #end | ||
- | </td> | ||
- | <td style=" | ||
- | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
- | #set ($inputType = " | ||
- | #else | ||
- | #set ($inputType = " | ||
- | #end | ||
- | <input id=" | ||
- | </td> | ||
- | </tr> | ||
- | #end | ||
- | <tr> | ||
- | <td colspan=" | ||
- | </tr> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | #if ($privacyStatementURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | |||
- | <div style=" | ||
- | < | ||
- | # | ||
- | </ | ||
- | </ | ||
- | <p style=" | ||
- | <input type=" | ||
- | </p> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | ==== Shib IdP 4.x ==== | + | ==== Shib IdP 4.0.x ==== |
<file xml ./ | <file xml ./ | ||
## | ## | ||
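Review bot: The heading change from `==== Shib IdP 4.x ====` to `==== Shib IdP 4.0.x ====` narrows the stated scope of the Variante 2 template without saying what administrators on a later 4.x release should use. Suggest adding a sentence directly under the heading that states which releases the template applies to; the same rename appears under Variante 1 and Variante 3.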
Zeile 563: | Zeile 290: | ||
<div id=" | <div id=" | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
<label for=" | <label for=" | ||
</p> | </p> | ||
| | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
<label for=" | <label for=" | ||
</p> | </p> | ||
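Review bot: The two replaced `<input id=` lines sit inside the consent form of the Variante 2 template for 4.0.x, so this is a change to the template body rather than a link adjustment, and nothing on the page says what changed. Suggest describing the change in the edit summary or in a short remark above the template, so that administrators who deployed the earlier version know whether their copy needs updating; the same pair of lines is replaced under Variante 3.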
Zeile 589: | Zeile 316: | ||
===== Variante 3: " | ===== Variante 3: " | ||
**Kein Zwang, aber Interesse der Einrichtung an Nutzung des Dienstes, Art. 6 Abs. 1 lit. e (in Verbindung mit spezieller Erlaubnisnorm) oder lit. f. Widerspruchsrecht nach Art. 21 Abs. 1** | **Kein Zwang, aber Interesse der Einrichtung an Nutzung des Dienstes, Art. 6 Abs. 1 lit. e (in Verbindung mit spezieller Erlaubnisnorm) oder lit. f. Widerspruchsrecht nach Art. 21 Abs. 1** | ||
- | ==== Shib IdP 3.x ==== | ||
- | <file xml ./ | ||
- | ## | ||
- | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
- | ## | ||
- | ## Velocity context will contain the following properties : | ||
- | ## | ||
- | ## attributeReleaseContext - context holding consentable attributes | ||
- | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
- | ## attributeDisplayNameFunction - function to display attribute name | ||
- | ## consentContext - context representing the state of a consent flow | ||
- | ## encoder - HTMLEncoder class | ||
- | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
- | ## flowExecutionUrl - form action location | ||
- | ## flowRequestContext - Spring Web Flow RequestContext | ||
- | ## profileRequestContext - OpenSAML profile request context | ||
- | ## request - HttpServletRequest | ||
- | ## response - HttpServletResponse | ||
- | ## rpUIContext - context with SP UI information from the metadata | ||
- | ## environment - Spring Environment object for property resolution | ||
- | #set ($serviceName = $rpUIContext.serviceName) | ||
- | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
- | #set ($informationURL = $rpUIContext.informationURL) | ||
- | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
- | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
- | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
- | ## | ||
- | < | ||
- | < | ||
- | < | ||
- | <meta charset=" | ||
- | <meta name=" | ||
- | <link rel=" | ||
- | < | ||
- | </ | ||
- | < | ||
- | <form action=" | ||
- | <div class=" | ||
- | < | ||
- | <img src=" | ||
- | #if ($rpOrganizationLogo) | ||
- | <img src=" | ||
- | #end | ||
- | </ | ||
- | < | ||
- | #if ($serviceName) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | #if ($rpOrganizationName) | ||
- | # | ||
- | #end | ||
- | </p> | ||
- | #end | ||
- | #if ($serviceDescription) | ||
- | <p style=" | ||
- | # | ||
- | <span class=" | ||
- | <br> | ||
- | </p> | ||
- | #end | ||
- | #if ($informationURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <div id=" | ||
- | < | ||
- | < | ||
- | <tr> | ||
- | <th colspan=" | ||
- | # | ||
- | </th> | ||
- | </tr> | ||
- | </ | ||
- | < | ||
- | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
- | <tr> | ||
- | < | ||
- | <td> | ||
- | #foreach ($value in $attribute.values) | ||
- | < | ||
- | <br> | ||
- | #end | ||
- | </td> | ||
- | <td style=" | ||
- | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
- | #set ($inputType = " | ||
- | #else | ||
- | #set ($inputType = " | ||
- | #end | ||
- | <input id=" | ||
- | </td> | ||
- | </tr> | ||
- | #end | ||
- | <tr> | ||
- | <td colspan=" | ||
- | </tr> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | #if ($privacyStatementURL) | ||
- | <p style=" | ||
- | <a href=" | ||
- | </p> | ||
- | #end | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | <p> | ||
- | <input id=" | ||
- | # | ||
- | </p> | ||
- | |||
- | <div style=" | ||
- | < | ||
- | # | ||
- | </ | ||
- | </ | ||
- | <p style=" | ||
- | <input type=" | ||
- | </p> | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | ==== Shib IdP 4.x ==== | + | ==== Shib IdP 4.0.x ==== |
<file xml ./ | <file xml ./ | ||
## | ## | ||
Zeile 839: | Zeile 437: | ||
<div id=" | <div id=" | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
<label for=" | <label for=" | ||
</p> | </p> | ||
| | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
<label for=" | <label for=" | ||
</p> | </p> | ||
Zeile 863: | Zeile 461: | ||
</ | </ | ||
- | {{tag> | + | {{tag> |
- | {{tag> | + |