On Fri, Feb 9, 2018 at 12:27 AM, Chamila De Alwis wrote:
> Hi Sanjeewa,
>
> Because it's not clear from this thread,
>
> 1. How are we planning to remove user specific data from analytics where
> log entries and other identification are submitted and processed, on demand?
>
Hi Sanjeewa,
Because it's not clear from this thread,
1. How are we planning to remove user specific data from analytics where
log entries and other identification are submitted and processed, on demand?
2. Are we showing any relationship between an ID and the pseudoname in any
place? Would it
Hi All,
We were able to implement above suggested solution for API Manager 3.0.0
and test user flows successfully. Also we did integrations with identity
server 5.4.0 as authenticate service to verify external system
communication part. If user resides outside product domain(in tested
scenarion IS
Hi Sanjeewa,
On Tue, Feb 6, 2018 at 12:33 PM, Sanjeewa Malalgoda
wrote:
>
>
> On Mon, Feb 5, 2018 at 11:29 PM, Ishara Karunarathna
> wrote:
>
>> HI Sanjeewa,
>>
>> Pseudonym user ID (User ID) is not only limited to GDPR requirements but
>> its really useful
On Mon, Feb 5, 2018 at 11:29 PM, Ishara Karunarathna
wrote:
> HI Sanjeewa,
>
> Pseudonym user ID (User ID) is not only limited to GDPR requirements but
> its really useful supporting features like changing userName, In C4 we do
> some workaround for this.
>
> I think this
Hi all,
When this is done up to some extent let's have a code review. I'm still
struggling to understand the difference between user_id and pseudo name.
And wondering whether we actually need a user_id concept if we implement
something based on a pseudo name or vice versa.
Just to be clear on
Yes what you are suggesting is valid scenario. That is why GDPR talks about
time to effect user data deletion. In this particular scenario if we need
to maintain data for 6 months then we can remove mapping after 6 months. Or
we can completely disable GDPR like i mentioned early.
Thanks,
Hi Sanjeewa,
So, if we are storing with the pseudo name and if we remove the mapping,
the audit logs won't have any value would it? For e.g, a banking
application/mobile, would want to hold the audit logs for at least 6 months
- 1 year for audit purposes/legal purposes but would want to delete
Hi Sanjeewa,
Do we have to remove the entries from the log files as well? even audit
logs? does this mean we will remove from archived logs as well? If so,
shouldn't this be a decision of the data controller? With this design, they
have no control over the logs only right?
On Fri, Feb 2, 2018
Hi Nuwan,
Looks like there are several places we are using usernames as it is. Eg:
provider, business owner, technical owner names in API table, CREATED_BY,
UPDATED_BY audit columns in all the resource tables. There can be several
other places. We need to fix those places to use UUIDs. I guess we
Hi Sanjeewa,
Shouldn't this functionality come from kernel user core? Because in most of
the cases, API Manager needs to communicate with other products. IMO, are
we not supposed to comply GDPR for C4 products? IMO, this implementation
suits for C4 based API Manager.
On Fri, Feb 2, 2018 at 8:55
On Thu, Feb 1, 2018 at 10:47 PM, Rukshan Premathunga
wrote:
> Hi Sanjeewa,
>
> Did we thought how this affect to the analytics and throttle data
> publishing? For Throttle i think we can use the pseudo name right?
> For analytics we can use pseudo name and do all the
Nuwan, All,
When we are calling with external systems such as scim we will use user ID.
But internal flow manly goes with user name. Each time when rest API get
hit with call we will call getUserName() method with http request and it
resolve user name. That particular user name passed all through
@Abi,
On Fri, Feb 2, 2018 at 10:29 AM, Abimaran Kugathasan
wrote:
> Hi Sanjeewa,
>
> Shouldn't this functionality come from kernel user core? Because in most
> of the cases, API Manager needs to communicate with other products. IMO,
> are we not supposed to comply GDPR for C4
Hi Sanjeewa,
Can you post a chunk of code that benefits from this mapping in relation to
GDPR compliance? Basically I want to understand how a chunk of code that
wasn't GDPR compliant before becomes GDPR compliant due to this mapping.
I was under the impression that APIM v3.0 works on user ids
On Thu, Feb 1, 2018 at 10:47 PM, Rukshan Premathunga
wrote:
> Hi Sanjeewa,
>
> Did we thought how this affect to the analytics and throttle data
> publishing? For Throttle i think we can use the pseudo name right?
> For analytics we can use pseudo name and do all the
Hi Sanjeewa,
On Thu, Feb 1, 2018 at 6:05 PM, Sanjeewa Malalgoda
wrote:
> Hi All,
> Recently we evaluated GDPR requirement(right to be forgotten) for API
> Manager 3.0.0 development. Our primary focus was to find a way to implement
> "right to be forgotten" without effecting
Hi Sanjeewa,
Did we thought how this affect to the analytics and throttle data
publishing? For Throttle i think we can use the pseudo name right?
For analytics we can use pseudo name and do all the aggregation based on pseudo
name. But when rendering UI, we can convert to real name using the map.
18 matches
Mail list logo