Data Privacy Management (DPM’09), September 24, 2009. Obligation Language and Framework to Enable Privacy-aware SOA. L. Bussard, European Microsoft Innovation Center (joint work with M. Ali and U. Pinsdorf). A research project funded by the European Commission’s 7th Framework Programme.


SLIDE 1

Obligation Language and Framework to Enable Privacy-aware SOA

L. Bussard

European Microsoft Innovation Center (joint work with M. Ali and U. Pinsdorf)

A research project funded by the European Commission’s 7th Framework Programme

Data Privacy Management (DPM’09)

September 24, 2009

SLIDE 2

Outline

  • PrimeLife
  • Privacy in Service Oriented Architectures
  • Shortcoming of State of the Art
  • Our Solution
    • Specifying Obligations
    • Enforcing Obligations
  • Future Work

SLIDE 3

PrimeLife in a Nutshell

  • Partners
  • Technical Goals
    • Privacy policies and preferences
    • Anonymous credentials
    • User experience
  • http://www.primelife.eu/

SLIDE 4

Privacy in SOA

  • Variety of technologies: mash-ups, workflows, orchestrations
  • Multi-hop data sharing
  • Multiple trust domains
  • Data from multiple users may be combined.
  • Dynamic discovery and binding
  • Persons may consume PII

[Diagram labels: PII, Policy, Pref.]

SLIDE 5

General Scenario

[Diagram: three parties exchange PII and policies: User (data subject), Service (data controller), Third Party (downstream data controller). Labelled steps:]

1) Policy (the Service’s privacy policy)
2) Pref. (the User’s privacy preferences)
3) Can I share? (Matching of policy against preferences)
4) PII + SP (the PII is sent to the Service with a sticky policy)
5) store
6) Can I use for… ?
7) Obligations
8) Can I share? (matching against the Third Party’s Policy’)
PII + SP’ (the PII is passed on to the Third Party with an updated sticky policy)

SLIDE 6

State of the art: APPEL + P3P + EPAL

[Same General Scenario diagram as slide 5, annotated with P3P, APPEL and EPAL; the matching result is Boolean.]

SLIDE 7

State of the art: PRIME

[Same General Scenario diagram as slide 5, annotated with PRIME-DHP, PRIME-AC and PRIME-obligations.]

SLIDE 8

Shortcoming of state of the art

[Same General Scenario diagram as slide 5, annotated with PRIME-DHP, PRIME-AC and PRIME-obligations.]

SLIDE 9

Our Approach

  • Policy Language
    • Rights
      • Data usage (purpose, etc.)
      • Data sharing (Access Control, etc.)
    • Obligations
      • Triggers + Actions
      • Examples: Retention, Notification, Log, etc.
  • Policy Matching
    • Similar language for policies, preferences, and sticky policies
  • Policy Enforcement

[Same General Scenario diagram as slide 5.]

SLIDE 10

Our Solution

[Diagram: on the User side, Privacy Preferences (Rights, Obligations); on the Service side, Privacy Policy (Rights, Obligations). Steps 1-3: the Policy Matching Engine takes both as input and produces a Sticky Policy (Rights, Obligations). Step 4: the Policy Enforcement Engine enforces the sticky policy on the Service’s Legacy systems.]

SLIDE 11

Applying our solution

[Diagram: the General Scenario of slide 5 with the solution of slide 10 applied at each hop. Steps 1-4: Privacy Preferences and the Privacy Policy are matched by the Policy Matching Engine into a Sticky Policy (Rights, Obligations), which the Policy Enforcement Engine enforces on the Service’s External systems. Steps 5-8: at the Third Party, the Sticky Policy (now playing the role of the privacy preference) and the Privacy Policy of the third party are matched into a New Sticky Policy (Rights, Obligations), which that party’s Policy Enforcement Engine enforces on its External systems.]

SLIDE 12

Our Solution

[Same diagram as slide 10: Privacy Preferences and Privacy Policy (Rights, Obligations) matched by the Policy Matching Engine into a Sticky Policy, enforced on the Legacy systems by the Policy Enforcement Engine.]

SLIDE 13

Obligation

  • We define obligation as:

“Promise made by a SUBJECT to be fulfilled through some ACTION under defined TIMELINES and CONDITIONS”

  • Example:

X Says X will DELETE U’s Data within 6 Months

SLIDE 14

Obligation Requirements

Independence from Transport / Storage
  • Independence from policy language
  • Independence from data storage
  • Independence from communication protocols

Extensibility
  • Support for common obligations
  • Support for domain specific obligations

Abstraction
  • Support for abstraction of actions
  • Support for preventive obligations
  • Support for abstraction of triggers

Deployments
  • Support for distributed deployment
  • Support for different trust models

Auditability
  • Transparency of data handling

Matching

SLIDE 15

Obligation Structure

[Diagram: an Obligation Rule is made of a Policy Issuer, a Subject, an Action, an Object (parameter of the Action) and a Trigger/Condition.]

Example: X Says X will DELETE U’s Data within 6 Months

Subject: the entity liable to fulfill the obligation (i.e. the subject of the obligation, not the data subject)

Action: the activity (or sequence of activities) executed to fulfill the obligation

Conditions (temporal constraints, generic conditions, etc.): constraints on the obligation rule

Triggers: inward event that triggers execution of the obligation rule

Outward Events: outward notification events

SLIDE 16

Obligation Classification

  • Trigger-related
    • Conditional vs. Mandatory
    • Repeating vs. Non-Repeating
  • Action-related
    • Proactive vs. Preventive
    • Observable vs. Non-observable
  • Subject-related
    • Collective vs. Individual
    • Self Obligation vs. Third Party Obligations

SLIDE 17

Proposed Framework Architecture

[Diagram: the Obligation Framework is made of an Event Engine (EE) and an Obligation Engine, plus a Scheduler, a Policy Repository, a Policy Extractor and an Obligation Parser. The Event Engine receives PII events from Legacy Systems (e.g. DataBase) through Trigger plug-ins (Systems plug-ins and Protocols plug-ins). The Obligation Engine registers the obligations extracted from the policy, schedules them, and on an event executes the corresponding action through Action plug-ins (Systems plug-ins). Labels on the data flow: PII, event, action, PII + Obligation, Obligation, Schedule, Register.]

SLIDE 18

Setting plug-ins

[Diagram: Action plug-ins (Systems): Notify, SQL-Server, Delete, Log, Exchange, …; Trigger plug-ins (Systems): time, SQL-Server read, delete, Scheduler, …; attached to the Legacy Systems and the Scheduler.]

X Says X will DELETE U’s Data within 6 Months

SLIDE 19

Setting plug-ins

[Diagram: same Action plug-ins (Notify, SQL-Server, Delete, Log, Exchange, …) and Trigger plug-ins (time, SQL-Server read, delete, Scheduler, …) as slide 18, attached to the Legacy Systems and the Scheduler.]

X Says X will NOTIFY user U when read U’s Data

SLIDE 20

Plug-ins in action

[Diagram: same plug-ins as slides 18 and 19. A PII Read event from the SQL-Server trigger plug-in reaches the Event Engine, which forwards it to the Obligation Engine; the Obligation Engine looks up the matching obligation in the Policy Repository and runs the Send e-mail (Notify) action plug-in.]
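As an added example (not the PrimeLife framework’s own code), a minimal Python model of the obligation structure of slide 15 and the engine and plug-ins of slides 17-20: the two obligation rules from the slides are registered, a read event reported by the legacy system triggers the NOTIFY action plug-in, and the scheduler fires the DELETE action once the retention deadline has passed. The names ObligationEngine, on_event, tick, fulfill, the dict standing in for the legacy data store, the list standing in for the e-mail channel and the 182-day approximation of six months are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Obligation:
    """One obligation rule: ISSUER says SUBJECT will ACTION OBJECT on TRIGGER, under CONDITIONS."""
    issuer: str
    subject: str          # the entity liable to fulfill the obligation (not the data subject)
    action: str           # name of an action plug-in, e.g. "DELETE" or "NOTIFY"
    obj: str              # the PII the rule covers, e.g. "U's Data"
    trigger: str          # inward event name: "read", "delete" or "time"
    condition: dict = field(default_factory=dict)   # e.g. {"within": timedelta(days=182)}

class ObligationEngine:
    """Registers obligations, matches inward events to triggers and runs action plug-ins."""
    def __init__(self, store, outbox):
        self.store, self.outbox = store, outbox   # constructed stand-ins for a legacy DB and e-mail
        self.actions = {"DELETE": self.delete, "NOTIFY": self.notify}   # action plug-ins
        self.rules, self.schedule, self.audit = [], [], []
    def register(self, ob, stored_at):
        self.rules.append(ob)
        if ob.trigger == "time":               # time-triggered rules are handed to the scheduler
            self.schedule.append((stored_at + ob.condition["within"], ob))
    def on_event(self, event, obj):
        """Inward event from the Event Engine (e.g. the SQL-Server plug-in reporting a read)."""
        return [self.fulfill(ob, event) for ob in self.rules if ob.trigger == event and ob.obj == obj]
    def tick(self, now):
        """Scheduler trigger plug-in: fire every time-triggered rule whose deadline has passed."""
        due = [s for s in self.schedule if s[0] <= now]
        self.schedule = [s for s in self.schedule if s[0] > now]
        return [self.fulfill(ob, "time") for _, ob in due]
    def fulfill(self, ob, event):
        self.audit.append((ob.subject, ob.action, ob.obj, event))   # transparency of data handling
        return self.actions[ob.action](ob, event)
    def delete(self, ob, event):                  # action plug-in for the retention obligation
        self.store.pop(ob.obj, None)
        return f"{ob.subject} deleted {ob.obj}"
    def notify(self, ob, event):                  # action plug-in for the notification obligation
        self.outbox.append((ob.condition["user"], f"{ob.subject} {event} {ob.obj}"))
        return f"{ob.subject} notified {ob.condition['user']}"

T0 = datetime(2009, 9, 24)   # constructed: the date U's PII is stored at service X
def demo():
    store, outbox = {"U's Data": "postal address"}, []   # constructed legacy store and e-mail outbox
    eng = ObligationEngine(store, outbox)
    eng.register(Obligation("X", "X", "DELETE", "U's Data", "time", {"within": timedelta(days=182)}), T0)
    eng.register(Obligation("X", "X", "NOTIFY", "U's Data", "read", {"user": "U"}), T0)
    eng.on_event("read", "U's Data")              # Event Engine: SQL-Server plug-in saw a read
    eng.tick(T0 + timedelta(days=100))            # not yet due: the data stays
    eng.tick(T0 + timedelta(days=200))            # 6 months passed: the data is deleted
    return store, outbox, eng.audit
```

The audit list is the framework’s transparency requirement from slide 14: every fulfilled obligation leaves a record of who did what to which PII on which trigger.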

SLIDE 21

Results

  • A language to describe obligations
    • Definition of Triggers
    • Definition of Actions
  • Implementation of an enforcement framework
  • Mechanisms to extend language and enforcement with domain specific obligations

SLIDE 22

Ongoing and Future work

  • Matching obligations
    • Semantics of actions and triggers
    • Policy is-less-permissive-than Preference ?
    (to appear: PrimeLife document H5.3.2)
  • Integration with policy languages
    • XACML-based data handling (to appear: PrimeLife H5.3.2)
    • SecPAL for Privacy (September’09 MSR report: MSR-TR-2009-128)
  • Matching behavior (traces) and policies
  • Checking enforceability of policies

SLIDE 23

Questions?

Laurent Bussard, European Microsoft Innovation Center, lbussard@microsoft.com

http://research.microsoft.com/en-us/people/lbussard/