Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, January 9, 2012

HP Labs’ EnCoRe Service Framework: a General, Reference Implementation for Dynamic Consent and Privacy Management

HP Labs completed the development of the EnCoRe Service Framework for the management of dynamic consent and privacy within and across organisations [5]. This framework provides a general, reference implementation of EnCoRe technical capabilities, fully consistent and compliant with the third EnCoRe Technical Architecture [1].

The HP Labs Service Framework supports four general use cases that apply to all case studies explored in EnCoRe:

· A data subject (end-user) submits their personal data to an organisation along with an expression of their consent preferences;
· An entity within the organisation tries to access personal data and is constrained, in so doing, by the related data subjects’ consent preferences and policies. The organisation uses EnCoRe to explicitly enforce (privacy) preferences and policies;
· Personal data is disclosed to a third party, along with the associated consent preferences, via the sticky policy mechanism;
· A data subject subsequently changes their mind and modifies or revokes their consent. Changes are automatically propagated to all the involved parties.

More details about these use cases are available in [1].

A fully working prototype has been built by HP Labs to illustrate the capabilities of the EnCoRe Service Framework and the four general use cases.

Specifically, the Service Framework implements the following key EnCoRe architectural capabilities [1]: a module for the configuration of supported Privacy Preferences and Policies; the Consent/Revocation Provisioning module; the Data Registry module; the Privacy-aware Access Control module; the Obligation Management module; the Internal and External Workflow Management modules; the Sticky Policy Management module; and the instantiation of types of Privacy Preferences and of various Access Control and Obligation Policies.

The various components of the Service Framework have been implemented to run as self-standing, secure and distributed services within an organisation. The goal is to ensure that early adopters of the EnCoRe toolkits can use this framework to explore its privacy management capabilities and deploy an extended version of it within their IT operational environments.

The implementation uses state-of-the-art technologies based on Java. It follows the REST [6] methodology and approach for quick and flexible development of service interfaces and for the exchange of information between the involved services. The EnCoRe components are implemented as self-standing RESTful services [7]. These service components can be distributed across different IT systems as needed. Their implementation supports state-of-the-art security, including encryption of data and secure SSL communication. The information exchanged between these EnCoRe components is represented in XML, to support future extensions and quick adaptation to the needs of different organisations and their IT operational environments.

This framework has been used by HP Labs as a platform for experimenting with innovative privacy management and consent/revocation solutions. Specifically, HP Labs used it to develop and deploy advanced solutions for the tracking of the whereabouts of personal data (via an enhanced version of the Data Registry component) and for the management of sticky policies by means of a variety of possible technical approaches. The Service Framework now fully supports sticky policies as the mechanism for exchanging personal data and privacy preferences across parties in a safe and accountable way. A reference implementation is available as described in [8].
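As an added illustration (not code from EnCoRe or HP Labs) of how the four use cases and the sticky policy mechanism fit together: a constructed sticky policy in a hypothetical XML layout, a data registry that tracks which parties received a copy, a privacy-aware access check that honours the consented purposes and a notify-on-access obligation, and a revocation that propagates to every holder. Python is used for a runnable sketch; the framework itself is Java-based and exposes these functions as RESTful services.

```python
import xml.etree.ElementTree as ET
# Constructed sample: personal data travelling with the data subject's consent
# preferences as one sticky-policy document (hypothetical XML layout, not EnCoRe's).
STICKY_POLICY_XML = """<stickyPolicy id="sp-001" subject="alice">
  <personalData><email>alice@example.org</email></personalData>
  <consentPreferences>
    <purpose>service-delivery</purpose>
    <allowedParty>org-a</allowedParty>
    <allowedParty>org-b</allowedParty>
    <obligation type="notify-on-access"/>
  </consentPreferences>
</stickyPolicy>"""

def parse_policy(xml_text):
    # Extract the fields the access-control check and obligation handling need.
    root = ET.fromstring(xml_text)
    prefs = root.find("consentPreferences")
    return {"id": root.get("id"), "subject": root.get("subject"),
            "purposes": {p.text for p in prefs.findall("purpose")},
            "parties": {a.text for a in prefs.findall("allowedParty")},
            "obligations": [o.get("type") for o in prefs.findall("obligation")]}

class DataRegistry:
    # Records which party holds a copy of each sticky policy (use cases 3 and 4).
    def __init__(self):
        self.holders = {}        # policy id -> {party: that party's copy}
        self.notifications = []  # fulfilled notify-on-access obligations (audit)

    def disclose(self, policy, to_party):
        # Disclosure is refused unless the recipient is named in the consent preferences.
        if to_party not in policy["parties"]:
            return False
        self.holders.setdefault(policy["id"], {})[to_party] = dict(policy, revoked=False)
        return True

    def access(self, policy_id, party, purpose):
        # Access is allowed only to a holder, with unrevoked consent, for a consented purpose.
        policy = self.holders.get(policy_id, {}).get(party)
        if policy is None or policy["revoked"] or purpose not in policy["purposes"]:
            return False
        if "notify-on-access" in policy["obligations"]:
            self.notifications.append((policy["subject"], party, purpose))
        return True

    def revoke(self, policy_id):
        # Revocation propagates to every party holding a copy; returns how many.
        copies = self.holders.get(policy_id, {})
        for copy in copies.values():
            copy["revoked"] = True
        return len(copies)
```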

The HP Labs Service Framework is also an agile platform to develop demonstrators for a variety of needs, including prototypes of the overall system for the EnCoRe engagement with the Cabinet Office Identity Assurance Programme [2].

HP Labs are exploring the opportunity to release this Service Framework in the context of an Open Source initiative. This option is currently being discussed within EnCoRe and various involved organisations: a decision will be made towards the end of the project (April 2012).

[1] D2.3 Technical Architecture for the third realized Case Study, http://www.encore-project.info/deliverables_material/D2_3_EnCoRe_Architecture_V1.0.pdf
[2] UK Cabinet Office, Identity Assurance (IdA) Programme Statements, http://services.parliament.uk/hansard/Commons/ByDate/20110518/writtenministerialstatements/part003.html
[3] D2.1 Technical Architecture for the first realized Case Study, http://www.encore-project.info/deliverables_material/D2.1%20EnCoRe%20Architecture%20V1.0.pdf
[4] D2.2 Technical Architecture for the second realized Case Study, http://www.encore-project.info/deliverables_material/D2_2_EnCoRe_Architecture_V1.0.pdf
[5] EnCoRe, HP Labs Service Framework, http://www.encore-project.info/newsletters/newsletter03/EnCoReAUG2011.html
[6] REST, http://en.wikipedia.org/wiki/Representational_state_transfer
[7] RESTLET, RESTful web framework for Java, http://www.restlet.org/
[8] Siani Pearson, Marco Casassa Mont, Sticky Policies: An Approach for Managing Privacy across Multiple Parties, IEEE Computer Magazine, Volume 44, Number 9, September 2011

--- Posted by Marco Casassa Mont ---
