Differences
This page shows the differences between two versions.
de:shibidp3consent_dsgvo_attribute_release [2019/01/21 16:18] – Wolfgang Pempe | de:shibidp:config-consent-dsgvo-attribute-release [2022/05/02 14:51] (current) – Wolfgang Pempe | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ====== Beispiel für eine EU-DSGVO-konforme Konfiguration des User Consent Moduls - Attribute Release Templates ====== | ||
- | **[[de:shibidp3consent_dsgvo|Zurück zur Hauptseite]]** | + | **[[de:shibidp: |
- | **NB:** Die hier aufgelisteten Varianten beziehen sich auf die Szenarien | + | **Anmerkungen:** |
+ | | ||
+ | * Sollen zusätzlich zu Variante 1 weitere Lösungsmodelle implementiert werden, müssen spezifische Interceptor Flows definiert werden. Siehe hierzu auf der [[de: | ||
+ | * Die u.g. Beispiele erfordern entsprechend angepasste Message Properties. Siehe hierzu auf der [[de: | ||
- | Variante 1*: | + | ===== Variante 1: Einwilligung ===== |
+ | **Freiwilligkeit, | ||
+ | ==== Shib IdP 4.0.x ==== | ||
<file xml ./ | <file xml ./ | ||
## | ## | ||
Zeile 15: | Zeile 20: | ||
## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
## attributeDisplayNameFunction - function to display attribute name | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
## consentContext - context representing the state of a consent flow | ## consentContext - context representing the state of a consent flow | ||
## encoder - HTMLEncoder class | ## encoder - HTMLEncoder class | ||
Zeile 31: | Zeile 37: | ||
#set ($rpOrganizationLogo = $rpUIContext.getLogo()) | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
#set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
## | ## | ||
< | < | ||
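Review bot: `#set ($replaceDollarWithNewline = true)` hard-codes the switch inside the view, so the `#else` branch in the value loop (`#set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))`) is only reachable by editing the template. The header comment of these templates lists `environment - Spring Environment object for property resolution`, so consider reading the flag from a property there, or drop the unused branch and say in the notes above that the replacement is always on.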
Zeile 42: | Zeile 49: | ||
< | < | ||
<form action=" | <form action=" | ||
+ | # | ||
<div class=" | <div class=" | ||
< | < | ||
Zeile 49: | Zeile 57: | ||
#end | #end | ||
</ | </ | ||
- | <br clear=" | + | |
#if ($serviceName) | #if ($serviceName) | ||
<p style=" | <p style=" | ||
Zeile 86: | Zeile 94: | ||
<td> | <td> | ||
#foreach ($value in $attribute.values) | #foreach ($value in $attribute.values) | ||
- | <strong> | + | |
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for=" | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
<br> | <br> | ||
#end | #end | ||
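Review bot: `replaceAll` in the new `#set ($encodedValue = ...)` line takes a regular expression as its first argument and gives `$` and `\` special meaning in the replacement string. Both arguments are cut off in this view, so check that the encoded search literal contains no regex metacharacters, or switch to `replace(...)`, which substitutes literally. The ordering is worth keeping as it is: the call runs on the output of `$encoder.encodeForHTML(...)`, so the attribute value is encoded before anything is substituted into it.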
Zeile 118: | Zeile 135: | ||
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
- | # | + | |
</p> | </p> | ||
#end | #end | ||
#if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) | ||
<p> | <p> | ||
- | <input id=" | + | <input id=" |
- | # | + | |
</p> | </p> | ||
#end | #end | ||
Zeile 131: | Zeile 148: | ||
<p> | <p> | ||
<input id=" | <input id=" | ||
- | # | + | |
</p> | </p> | ||
#end | #end | ||
Zeile 139: | Zeile 156: | ||
#end | #end | ||
<p style=" | <p style=" | ||
- | | + | |
<a href=" | <a href=" | ||
- | | + | |
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Variante 2: Notwendigkeit ===== | ||
+ | **Durchführung des Beschäftigungsverhältnisses, | ||
+ | |||
+ | ==== Shib IdP 4.0.x ==== | ||
+ | <file xml ./ | ||
+ | ## | ||
+ | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
+ | ## | ||
+ | ## Velocity context will contain the following properties : | ||
+ | ## | ||
+ | ## attributeReleaseContext - context holding consentable attributes | ||
+ | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
+ | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
+ | ## consentContext - context representing the state of a consent flow | ||
+ | ## encoder - HTMLEncoder class | ||
+ | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
+ | ## flowExecutionUrl - form action location | ||
+ | ## flowRequestContext - Spring Web Flow RequestContext | ||
+ | ## profileRequestContext - OpenSAML profile request context | ||
+ | ## request - HttpServletRequest | ||
+ | ## response - HttpServletResponse | ||
+ | ## rpUIContext - context with SP UI information from the metadata | ||
+ | ## environment - Spring Environment object for property resolution | ||
+ | #set ($serviceName = $rpUIContext.serviceName) | ||
+ | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
+ | #set ($informationURL = $rpUIContext.informationURL) | ||
+ | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
+ | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
+ | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
+ | ## | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <meta charset=" | ||
+ | <meta name=" | ||
+ | <link rel=" | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | <form action=" | ||
+ | # | ||
+ | <div class=" | ||
+ | < | ||
+ | <img src=" | ||
+ | #if ($rpOrganizationLogo) | ||
+ | <img src=" | ||
+ | #end | ||
+ | </ | ||
+ | < | ||
+ | #if ($serviceName) | ||
+ | <p style=" | ||
+ | # | ||
+ | <span class=" | ||
+ | #if ($rpOrganizationName) | ||
+ | # | ||
+ | #end | ||
+ | </ | ||
+ | #end | ||
+ | #if ($serviceDescription) | ||
+ | <p style=" | ||
+ | # | ||
+ | <span class=" | ||
+ | < | ||
+ | </ | ||
+ | #end | ||
+ | #if ($informationURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </ | ||
+ | #end | ||
+ | <div id=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <th colspan=" | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | #foreach ($value in $attribute.values) | ||
+ | #if ($replaceDollarWithNewline) | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for=" | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
+ | < | ||
+ | #end | ||
+ | </ | ||
+ | <td style=" | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | #set ($inputType = " | ||
+ | #else | ||
+ | #set ($inputType = " | ||
+ | #end | ||
+ | <input id=" | ||
+ | </ | ||
+ | </ | ||
+ | #end | ||
+ | < | ||
+ | <td colspan=" | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | #if ($privacyStatementURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </ | ||
+ | #end | ||
+ | <div id=" | ||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </ | ||
+ | |||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </ | ||
+ | |||
+ | <div style=" | ||
+ | < | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
+ | <p style=" | ||
+ | <input type=" | ||
</p> | </p> | ||
</ | </ | ||
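Review bot: Variante 2 is headed "Notwendigkeit", yet its value loop keeps both `#if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)` branches, including the one that selects a different `$inputType` for the per-attribute `<input id=` cell. If release under this variant is not meant to depend on a per-attribute choice, state in the section text that `perAttributeConsentEnabled` must stay disabled for this flow, or remove the branch from this copy so that a later change to the flow descriptor cannot alter what the page offers.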
Zeile 149: | Zeile 313: | ||
</ | </ | ||
</ | </ | ||
+ | |||
+ | ===== Variante 3: " | ||
+ | **Kein Zwang, aber Interesse der Einrichtung an Nutzung des Dienstes, Art. 6 Abs. 1 lit. e (in Verbindung mit spezieller Erlaubnisnorm) oder lit. f. Widerspruchsrecht nach Art. 21 Abs. 1** | ||
+ | |||
+ | ==== Shib IdP 4.0.x ==== | ||
+ | <file xml ./ | ||
+ | ## | ||
+ | ## Velocity Template for DisplayAttributeReleasePage view-state | ||
+ | ## | ||
+ | ## Velocity context will contain the following properties : | ||
+ | ## | ||
+ | ## attributeReleaseContext - context holding consentable attributes | ||
+ | ## attributeReleaseFlowDescriptor - attribute consent flow descriptor | ||
+ | ## attributeDisplayNameFunction - function to display attribute name | ||
+ | ## attributeDisplayDescriptionFunction - function to display attribute description | ||
+ | ## consentContext - context representing the state of a consent flow | ||
+ | ## encoder - HTMLEncoder class | ||
+ | ## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) | ||
+ | ## flowExecutionUrl - form action location | ||
+ | ## flowRequestContext - Spring Web Flow RequestContext | ||
+ | ## profileRequestContext - OpenSAML profile request context | ||
+ | ## request - HttpServletRequest | ||
+ | ## response - HttpServletResponse | ||
+ | ## rpUIContext - context with SP UI information from the metadata | ||
+ | ## environment - Spring Environment object for property resolution | ||
+ | #set ($serviceName = $rpUIContext.serviceName) | ||
+ | #set ($serviceDescription = $rpUIContext.serviceDescription) | ||
+ | #set ($informationURL = $rpUIContext.informationURL) | ||
+ | #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) | ||
+ | #set ($rpOrganizationLogo = $rpUIContext.getLogo()) | ||
+ | #set ($rpOrganizationName = $rpUIContext.organizationDisplayName) | ||
+ | #set ($replaceDollarWithNewline = true) | ||
+ | ## | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <meta charset=" | ||
+ | <meta name=" | ||
+ | <link rel=" | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | <form action=" | ||
+ | # | ||
+ | <div class=" | ||
+ | < | ||
+ | <img src=" | ||
+ | #if ($rpOrganizationLogo) | ||
+ | <img src=" | ||
+ | #end | ||
+ | </ | ||
+ | < | ||
+ | #if ($serviceName) | ||
+ | <p style=" | ||
+ | # | ||
+ | <span class=" | ||
+ | #if ($rpOrganizationName) | ||
+ | # | ||
+ | #end | ||
+ | </p> | ||
+ | #end | ||
+ | #if ($serviceDescription) | ||
+ | <p style=" | ||
+ | # | ||
+ | <span class=" | ||
+ | <br> | ||
+ | </p> | ||
+ | #end | ||
+ | #if ($informationURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </p> | ||
+ | #end | ||
+ | <div id=" | ||
+ | < | ||
+ | < | ||
+ | <tr> | ||
+ | <th colspan=" | ||
+ | # | ||
+ | </th> | ||
+ | </tr> | ||
+ | </ | ||
+ | < | ||
+ | #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) | ||
+ | <tr> | ||
+ | < | ||
+ | <td> | ||
+ | #foreach ($value in $attribute.values) | ||
+ | #if ($replaceDollarWithNewline) | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML(' | ||
+ | #else | ||
+ | #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) | ||
+ | #end | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | <label for=" | ||
+ | #else | ||
+ | < | ||
+ | #end | ||
+ | <br> | ||
+ | #end | ||
+ | </td> | ||
+ | <td style=" | ||
+ | #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) | ||
+ | #set ($inputType = " | ||
+ | #else | ||
+ | #set ($inputType = " | ||
+ | #end | ||
+ | <input id=" | ||
+ | </td> | ||
+ | </tr> | ||
+ | #end | ||
+ | <tr> | ||
+ | <td colspan=" | ||
+ | </tr> | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | #if ($privacyStatementURL) | ||
+ | <p style=" | ||
+ | <a href=" | ||
+ | </p> | ||
+ | #end | ||
+ | <div id=" | ||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </p> | ||
+ | | ||
+ | <p> | ||
+ | <input id=" | ||
+ | <label for=" | ||
+ | </p> | ||
+ | | ||
+ | <div style=" | ||
+ | < | ||
+ | # | ||
+ | </ | ||
+ | </ | ||
+ | <p style=" | ||
+ | <input type=" | ||
+ | </p> | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | {{tag> |
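Review bot: the `#if ($replaceDollarWithNewline)` / `#set ($encodedValue = $encoder.encodeForHTML(...))` block in this template's value loop is now the third copy of the same logic, next to Variante 1 and Variante 2, and the header `#set` lines are repeated as well. Consider moving the encoding step into a single shared Velocity macro or include used by all three templates, so that a later fix to the output encoding cannot be applied to one variant and missed in the others.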