我的书签
添加书签
移除书签7.1. Consent API
Starting with Apache Unomi 1.3 (still in development), a new API for consent management is now available. This APIis designed to be able to store/retrieve/update visitor consents in order to comply with newprivacy regulations such as the GDPR.
7.1.1. Profiles with consents
Visitor profiles now contain a new Consent object that contains the following information:
a scope
a type identifier for the consent. This can be any key to reference a consent. Note that Unomi does not manage consentdefinitions, it only stores/retrieves consents for each profile based on this type
a status : GRANT, DENY or REVOKED
a status date (the date at which the status was updated)
a revocation date, in order to comply with GDPR this is usually set at two years
Here is an example of a Profile with a consent attached to it:
{"profileId": "8cbe380f-57bb-419d-97bf-24bf30178550","sessionId": "0d755f4e-154a-45c8-9169-e852e1d706d9","consents": {"example/newsletter": {"scope": "example","typeIdentifier": "newsletter","status": "GRANTED","statusDate": "2018-05-22T09:44:33Z","revokeDate": "2020-05-21T09:44:33Z"}}}
It is of course possible to have multiple consents defined for a single visitor profile.
7.1.2. Consent type definitions
Apache Unomi does not manage consent definitions, it leaves that to an external system (for example a CMS) so that itcan handle user-facing UIs to create, update, internationalize and present consent definitions to end users.
The only thing that is import to Apache Unomi to manage visitor consents is a globally unique key, that is called theconsent type.
7.1.3. Creating / update a visitor consent
A new built-in event type called "modifyConsent" can be sent to Apache Unomi to update a consent for the currentprofile.
Here is an example of such an event:
{"events": [{"scope": "example","eventType": "modifyConsent","source": {"itemType": "page","scope": "example","itemId": "anItemId"},"target": {"itemType": "anyType","scope": "example","itemId": "anyItemId"},"properties": {"consent": {"typeIdentifier": "newsletter","scope": "example","status": "GRANTED","statusDate": "2018-05-22T09:27:09.473Z","revokeDate": "2020-05-21T09:27:09.473Z"}}}]}
You could send it using the following curl request:
curl -H "Content-Type: application/json" -X POST -d '{"source":{"itemId":"homepage","itemType":"page","scope":"example"},"events":[{"scope":"example","eventType":"modifyConsent","source":{"itemType":"page","scope":"example","itemId":"anItemId"},"target":{"itemType":"anyType","scope":"example","itemId":"anyItemId"},"properties":{"consent":{"typeIdentifier":"newsletter","scope":"example","status":"GRANTED","statusDate":"2018-05-22T09:27:09.473Z","revokeDate":"2020-05-21T09:27:09.473Z"}}}]}' http://localhost:8181/context.json?sessionId=1234
7.1.4. How it works (internally)
Upon receiving this event, Apache Unomi will trigger the modifyAnyConsent rule that has the following definition:
{"metadata" : {"id": "modifyAnyConsent","name": "Modify any consent","description" : "Modify any consent and sets the consent in the profile","readOnly":true},"condition" : {"type": "modifyAnyConsentEventCondition","parameterValues": {}},"actions" : [{"type": "modifyConsentAction","parameterValues": {}}]}
As we can see this rule is pretty simple it will simply execute the modifyConsentAction that is implemented by theModifyConsentAction Java class
This class will update the current visitor profile to add/update/revoke any consents that are included in the event.== Developers
