Hi Jayanga,

Currently for identity claims, the claim URIs start with http://wso2.org/claims/identity/XXXXX, which is used to identify the identity-related claims separately. How about we follow a similar approach here for isolating the sensitive attributes? This way we can easily define new claims as well, which should belong to the same group of sensitive attributes.

Thanks,
TharinduE

On Thu, Jan 11, 2018 at 3:34 PM, Awanthika Senarath <[email protected]> wrote:

> Hello Jayanga,
>
> This looks interesting and timely, however, two questions. How do you plan
> to identify the "privacy concerned attributes" for a particular person?
> From your email, it appears as the identification of the "privacy concerned
> attributes" is straightforward or you are having a predefined list of
> attributes that you believe to be privacy concerned.
>
> The other question is what are the "places where pseudonyms can't be
> used"?
>
> Regards
> Awanthika Senarath
> PhD Research Student
> Australian Centre for Cyber Security
> Australian Defence Force Academy
> The University of New South Wales (UNSW Canberra)
>
> On Thu, Jan 11, 2018 at 5:21 AM, Jayanga Kaushalya <[email protected]>
> wrote:
>
>> Hi all,
>>
>> To cater to the requirements related to [1], we are planning to implement a
>> set of utility classes to manage privacy of privacy concerned objects (Eg:
>> User).
>>
>> All the objects that are with privacy concerned attributes will be
>> wrapped inside a privacy insulator object. Duty of the privacy insulator is
>> to prevent the misuse of privacy related attributes. It will hide the
>> attributes that are related to object's privacy and provide a hash or id as
>> a pseudonym to represent the attribute instead of the real value.
>> Furthermore, classes can be marked as confidential as well. All
>> confidential classes should provide the pseudonym to represent their
>> privacy concerned attribute. So whenever using a confidential object,
>> pseudonym will be used instead of the underlying real value.
>>
>> There will be separate ID manager to map the related ID with the
>> underlying actual value. So wherever the actual value should be needed,
>> (Eg: Display the users username in a UI) ID manager can retrieve it to be
>> used. But this should be used only in places where pseudonym can't be used.
>>
>> Please provide your thoughts.
>>
>> [1] [Architecture] GDPR - Pseudonyms For Username
>>
>> *Jayanga Kaushalya*
>> Senior Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
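
The design discussed in this thread (a privacy insulator, an ID manager, and sensitive attributes grouped by claim-URI prefix), as an added Java example that is not part of the original e-mails and not WSO2 code. The class names `PrivacyInsulator` and `IdManager`, the `example.org` claim URIs and the sample user are all hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class PrivacyInsulatorExample {
    // Hypothetical prefix grouping sensitive claims (not a real WSO2 claim dialect).
    static final String SENSITIVE_PREFIX = "http://example.org/claims/sensitive/";

    /** Hypothetical ID manager: the only place that maps a pseudonym back to the real value. */
    static final class IdManager {
        private final Map<String, String> valueToId = new ConcurrentHashMap<>();
        private final Map<String, String> idToValue = new ConcurrentHashMap<>();

        String pseudonymFor(String realValue) {
            // Random ID rather than a plain hash, so the pseudonym cannot be guessed from the value.
            return valueToId.computeIfAbsent(realValue, v -> {
                String id = UUID.randomUUID().toString();
                idToValue.put(id, v);
                return id;
            });
        }

        String resolve(String pseudonym) { return idToValue.get(pseudonym); }
    }

    /** Hypothetical insulator: exposes claims with sensitive values replaced by pseudonyms. */
    static final class PrivacyInsulator {
        private final Map<String, String> view = new LinkedHashMap<>();

        PrivacyInsulator(Map<String, String> claims, IdManager ids) {
            claims.forEach((uri, value) ->
                view.put(uri, uri.startsWith(SENSITIVE_PREFIX) ? ids.pseudonymFor(value) : value));
        }

        String get(String claimUri) { return view.get(claimUri); }

        @Override public String toString() { return view.toString(); } // safe to log
    }

    public static void main(String[] args) {
        IdManager ids = new IdManager();
        Map<String, String> claims = new LinkedHashMap<>(); // constructed sample data
        claims.put(SENSITIVE_PREFIX + "username", "alice");
        claims.put("http://example.org/claims/locale", "en_AU");
        PrivacyInsulator user = new PrivacyInsulator(claims, ids);
        System.out.println("log line: " + user);            // username appears as a pseudonym
        String pseudonym = user.get(SENSITIVE_PREFIX + "username");
        System.out.println("UI only: " + ids.resolve(pseudonym)); // real value, where unavoidable
    }
}
```

Because only `IdManager.resolve` returns real values, call sites that need them (such as the UI case mentioned in the thread) can be reviewed and audited in one place.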
