Rendering of agreements should be on a separate screen, shown after authN, before consent and before active attribute value selection. Note that consent skip checking must be modified to also check if new agreements are to be shown. UI spec at the bottom part of: https://balsamiq.cloud/sjvkm7s/pl9yeyv/r9723
This screen should be shown always when:
at least one of the mandatory documents configured for the endpoint is not accepted in the latest version
at least one of the optional documents configured for the endpoint is not accepted in the latest version, and either was accepted previously in older revision, or was never seen by this user. I.e. for optional documents we ignore revision change for those users who previously said no to this agreement.
The agreement items should be filtered: those which contain documents accepted (not filling the above rules) should be skipped and should not be present on UI.
User should be only allowed to proceed after accepting all agreement items which contain mandatory documents.
Information about policy agreement must be stored in an attribute in root group. Use single system attribute. Values should hold information as follows:
policy document id
policy document revision
acceptance status: accepted or notAccepted (only possible for optional)
timestamp when decision was recorded