GDPR compliance #1551

Open
samip5 opened this issue Oct 6, 2021 · 13 comments
Labels
enhancement/confirmed Enhancements that will be implemented in the future enhancement New feature or request

Comments

Contributor

samip5 commented Oct 6, 2021

Describe your question
Trying to figure out what are the requirements for GDPR compliance, as a user needs to be presented/prompted for explicit consent to process their information.

Relevant infos
Public Matrix server, which is going to use Authentik as the user database/registry

This should probably also need a way to mark the user to have given their consent (and when), but they also need a way to withdraw it, even if that means deleting their account as a result.

@samip5 samip5 added the question Further information is requested label Oct 6, 2021
@samip5 samip5 closed this as completed Oct 6, 2021
@samip5 samip5 reopened this Oct 6, 2021

olmari commented Oct 6, 2021

Our Matrix-server in question Privacy policy statement will contain (when done 100%) all the relevant info already, hence the traditional tickbox "I have read and accept the privacy policy statement" or to that effect is very enough regarding GDPR-part, should such be possible to do in Authentik registration flow. The "When", datetime field when accepted (successfully), again same adjacent Q.

Contributor Author

samip5 commented Oct 7, 2021

Which there currently doesn't seem to be support for. @olmari

BeryJu added a commit that referenced this issue Nov 16, 2021
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1551

stale bot commented Dec 6, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status/wontfix This will not be worked on label Dec 6, 2021
Contributor Author

samip5 commented Dec 6, 2021

...

@stale stale bot removed the status/wontfix This will not be worked on label Dec 6, 2021
Member

BeryJu commented Jan 24, 2022

The main thing needed for this is a way for users to request all their data, maybe with Admin approval, the rest should mostly be doable with flows and custom stages, no?

Contributor Author

samip5 commented Jan 24, 2022

Correct, but I think the back channel log-out is also needed for this to invalidate users logins to Synapse for example?

Member

BeryJu commented Jan 24, 2022

does synapse support back-channel logout? If it does that would greatly help with implementing it since I have found very few things that support it

Contributor Author

samip5 commented Jan 24, 2022

> does synapse support back-channel logout? If it does that would greatly help with implementing it since I have found very few things that support it

Apparently not, matrix-org/synapse#11326

Member

BeryJu commented Jan 24, 2022

tbf authentik currently supports neither front-channel nor back-channel for OIDC, mostly because very few applications and libraries support it, so I haven't found a good reference implementation that I can test against/with (also I'm lazy)

Contributor Author

samip5 commented Jan 24, 2022

So when do the OIDC authenticated sessions expire currently?


stale bot commented Mar 25, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status/wontfix This will not be worked on label Mar 25, 2022
Contributor Author

samip5 commented Mar 25, 2022

> So when do the OIDC authenticated sessions expire currently?

@BeryJu You're yet to answer the question?

@stale stale bot removed the status/wontfix This will not be worked on label Mar 25, 2022
@BeryJu BeryJu added enhancement New feature or request enhancement/confirmed Enhancements that will be implemented in the future and removed question Further information is requested labels Jun 15, 2023
@BeryJu BeryJu added this to the Future release milestone Jun 15, 2023
Member

BeryJu commented Jun 15, 2023

Needs functionality to export all of a user's data (available for admins)
