Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

On Fri, Feb 9, 2018 at 12:27 AM, Chamila De Alwis wrote: > Hi Sanjeewa, > > Because it's not clear from this thread, > > 1. How are we planning to remove user specific data from analytics where > log entries and other identification are submitted and processed, on demand? >

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, Because it's not clear from this thread, 1. How are we planning to remove user specific data from analytics where log entries and other identification are submitted and processed, on demand? 2. Are we showing any relationship between an ID and the pseudoname in any place? Would it

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi All, We were able to implement above suggested solution for API Manager 3.0.0 and test user flows successfully. Also we did integrations with identity server 5.4.0 as authenticate service to verify external system communication part. If user resides outside product domain(in tested scenarion IS

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, On Tue, Feb 6, 2018 at 12:33 PM, Sanjeewa Malalgoda wrote: > > > On Mon, Feb 5, 2018 at 11:29 PM, Ishara Karunarathna > wrote: > >> HI Sanjeewa, >> >> Pseudonym user ID (User ID) is not only limited to GDPR requirements but >> its really useful

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

On Mon, Feb 5, 2018 at 11:29 PM, Ishara Karunarathna wrote: > HI Sanjeewa, > > Pseudonym user ID (User ID) is not only limited to GDPR requirements but > its really useful supporting features like changing userName, In C4 we do > some workaround for this. > > I think this

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi all, When this is done up to some extent let's have a code review. I'm still struggling to understand the difference between user_id and pseudo name. And wondering whether we actually need a user_id concept if we implement something based on a pseudo name or vice versa. Just to be clear on

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Yes what you are suggesting is valid scenario. That is why GDPR talks about time to effect user data deletion. In this particular scenario if we need to maintain data for 6 months then we can remove mapping after 6 months. Or we can completely disable GDPR like i mentioned early. Thanks,

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, So, if we are storing with the pseudo name and if we remove the mapping, the audit logs won't have any value would it? For e.g, a banking application/mobile, would want to hold the audit logs for at least 6 months - 1 year for audit purposes/legal purposes but would want to delete

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, Do we have to remove the entries from the log files as well? even audit logs? does this mean we will remove from archived logs as well? If so, shouldn't this be a decision of the data controller? With this design, they have no control over the logs only right? On Fri, Feb 2, 2018

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Nuwan, Looks like there are several places we are using usernames as it is. Eg: provider, business owner, technical owner names in API table, CREATED_BY, UPDATED_BY audit columns in all the resource tables. There can be several other places. We need to fix those places to use UUIDs. I guess we

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, Shouldn't this functionality come from kernel user core? Because in most of the cases, API Manager needs to communicate with other products. IMO, are we not supposed to comply GDPR for C4 products? IMO, this implementation suits for C4 based API Manager. On Fri, Feb 2, 2018 at 8:55

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

On Thu, Feb 1, 2018 at 10:47 PM, Rukshan Premathunga wrote: > Hi Sanjeewa, > > Did we thought how this affect to the analytics and throttle data > publishing? For Throttle i think we can use the pseudo name right? > For analytics we can use pseudo name and do all the

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Nuwan, All, When we are calling with external systems such as scim we will use user ID. But internal flow manly goes with user name. Each time when rest API get hit with call we will call getUserName() method with http request and it resolve user name. That particular user name passed all through

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

@Abi, On Fri, Feb 2, 2018 at 10:29 AM, Abimaran Kugathasan wrote: > Hi Sanjeewa, > > Shouldn't this functionality come from kernel user core? Because in most > of the cases, API Manager needs to communicate with other products. IMO, > are we not supposed to comply GDPR for C4

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, Can you post a chunk of code that benefits from this mapping in relation to GDPR compliance? Basically I want to understand how a chunk of code that wasn't GDPR compliant before becomes GDPR compliant due to this mapping. I was under the impression that APIM v3.0 works on user ids

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

On Thu, Feb 1, 2018 at 10:47 PM, Rukshan Premathunga wrote: > Hi Sanjeewa, > > Did we thought how this affect to the analytics and throttle data > publishing? For Throttle i think we can use the pseudo name right? > For analytics we can use pseudo name and do all the

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, On Thu, Feb 1, 2018 at 6:05 PM, Sanjeewa Malalgoda wrote: > Hi All, > Recently we evaluated GDPR requirement(right to be forgotten) for API > Manager 3.0.0 development. Our primary focus was to find a way to implement > "right to be forgotten" without effecting

Re: [Architecture] [GDPR] API Manager 3.0.0 GDPR Support

Hi Sanjeewa, Did we thought how this affect to the analytics and throttle data publishing? For Throttle i think we can use the pseudo name right? For analytics we can use pseudo name and do all the aggregation based on pseudo name. But when rendering UI, we can convert to real name using the map.