The General Data Protection Regulation (GDPR), which was adopted in the EU, will be effective from May 2018. WSO2 Identity Server's architecture was reviewed and a set of new features, such as full consent lifecycle management and a privacy toolkit, was introduced to make sure that not only its latest releases but also the older versions can be used to build a GDPR compliant solution.
We are planning to implement a quick start guide which will demonstrate GDPR compliance with Identity Server through some user stories.

Use case: Let us consider a taxi booking company called Pickup. It has an application through which its passengers can book a taxi for themselves. Pickup is using WSO2 Identity Server to cater for most of its identity and access management use cases. Cameron, who is a manager at Pickup, is assigned to configure WSO2 Identity Server according to their requirements.

*Scenario 01 - Purpose registration and granting consent*

1. Cameron logs into Identity Server's management console.
2. Cameron adds the following consent purposes and the PII categories related to them:
   1. Booking processing
      - Name
      - Address
      - Phone number
   2. Booking confirmation
      - Email
      - Phone number
   3. Pickup promotion
      - Email
      - Phone number
3. Alex (passenger) attempts to register with Pickup.
4. Alex is redirected to Identity Server's self-care portal.
5. Alex fills in the user details and confirms the consent.
6. Alex is redirected back to the Pickup application.
7. Alex logs into the Pickup application and books a taxi.

*Scenario 02 - Individual rights*

1. Alex logs into the user self-care portal.
2. Alex can review the consent.
3. Alex can revoke the consent.
4. Alex can access attributes.
5. Alex can modify attributes.
6. Alex can remove attributes.

*Scenario 03 - Consent based data sharing*

1. Alex visits the Pick my book application.
2. Alex logs in to the Pick my book app with the Pickup app.
3. Alex clicks the "Login with Pickup" button and is redirected to IS.
4. IS gets Alex's consent.
5. Alex gets logged in to the Pick my book app.

*Scenario 04 - Partner application integration*

Alex can visit the Pickup notification center and check the consents given.

*Scenario 05 - Portability of personal data*

1. Alex logs into the self-care portal.
2. Alex downloads a copy of Personally Identifiable Information (PII).

*Scenario 06 - Forget me*

1. Alex sends a forget me request.
2. Alex's Personally Identifiable Information (PII) gets cleared from the database.
3. Alex's Personally Identifiable Information (PII) gets cleared from the IS logs.

*Milestone 01 - scenario 01*

Task                                | Planned start | Planned completion | No. days | Milestone deliverables
Implement Pickup application        | 10th May 2018 | 10th May 2018      | 01       | Fully functional Pick my book app with basic UI components
Write scripts for IS configurations | 11th May 2018 | 11th May 2018      | 01       | Bash and batch scripts to automate user creation and application registration in IS

*Milestone 02 - scenario 03*

Task                                 | Planned start | Planned completion | No. days | Milestone deliverables
Implement Pick my book application   | 14th May 2018 | 15th May 2018      | 02       | Fully functional Pick my book app with basic UI components
Write scripts for IS configurations  | 16th May 2018 | 16th May 2018      | 01       | Bash and batch scripts for application registration in IS

*Milestone 03 - scenario 04*

Task                                               | Planned start | Planned completion | No. days | Milestone deliverables
Implement Pickup notification center application   | 17th May 2018 | 21st May 2018      | 03       | Fully functional Pickup notification center app with basic UI components
Write scripts for IS configurations                | 22nd May 2018 | 22nd May 2018      | 01       | Bash and batch scripts for application registration in IS

--
Kind Regards,
Nipuni Bhagya
Software Engineering Intern
WSO2
Mobile : +94 0779028904
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
