
Privacy Management with HP OpenView Identity Management

Privacy Management with HP OpenView Identity Management. Archie Reed (Director of Strategy, Identity Management, HP TSL) and Marco Casassa Mont (Senior Researcher, HP Labs, Bristol, UK). Tutorial Id: TH-1400/4.


Presentation Transcript


  1. Privacy Management with HP OpenView Identity Management. Archie Reed (Director of Strategy, Identity Management, HP TSL) and Marco Casassa Mont (Senior Researcher, HP Labs, Bristol, UK). Tutorial Id: TH-1400/4

  2. Outline
     • Privacy for Identity Management: Setting the Context
     • Important Privacy Aspects to be Addressed:
       - Privacy Policy Enforcement
       - Privacy Obligation Management
     • HP Identity Management Portfolio:
       - HP Select Access, HP Select Identity, HP Select Federation
       - Current Support for Privacy
     • HP Labs Privacy Management work:
       - Privacy Policy Enforcement for HP Select Access
       - Obligation Management System and Integration with HP Select Identity
     • Conclusions

  3. Privacy: An Important Aspect of Regulatory Compliance (diagram: example of a regulatory compliance process, driven by regulations; incomplete list …)

  4. Regulatory Compliance: Impact on Enterprises and Opportunities (diagram: privacy legislation such as EU laws, HIPAA, COPPA, SOX, GLB and Safe Harbour, together with internal guidelines and customers' expectations, constrain how the enterprise's applications and services handle people's personal data; compliance has a positive impact on reputation, brand, customer retention and customers' satisfaction)

  5. Data Governance and Policy Management (Including Privacy Policies): Gaps (diagram of the policy life cycle: policy development and modelling; policy deployment; policy enforcement; monitoring, audit, reporting and policy management; gap and risk analysis; all grounded on a data inventory covering people/roles, systems/applications/services and confidential/personal data)

  6. Privacy for Personal Data: Core Principles
     • Purpose Specification
     • Consent
     • Limited Collection
     • Limited Use
     • Limited Disclosure
     • Limited Retention
     These principles are expressed through privacy policies, which in turn define privacy permissions, privacy obligations and privacy rights.

  7. Outline (section divider): Important Privacy Aspects to be Addressed: Privacy Policy Enforcement; Privacy Obligation Management

  8. Terminology: Consent, Intent, Data Purpose, Privacy Policy
     • Data subjects (people) hand over personal data (PII) together with CONSENT: consent is given by data subjects for the usage of their personal data for predefined PURPOSES.
     • The enterprise's Privacy Office and privacy admins define the PURPOSES data are collected for, and the PRIVACY POLICIES: how data must be managed, and what can be accessed by requestors given their INTENT, the PURPOSE of collecting the data and the CONSENT given by data subjects.
     • Data requestors (applications and services) must express their INTENT, i.e. how they intend to use the data, when they ask for it: a request is DATA + INTENT. P.S.: intent could be hard-coded in applications or be part of role definitions.

  9. Privacy Enforcement for Personal Data: Principles and Implications (diagram: the core principles, purpose specification, consent, limited collection, limited use, limited disclosure and limited retention, are captured in privacy policies, and their enforcement has access control implications)

  10. Privacy Enforcement on Data: Access Control + "Intent, Purpose, Consent, …"
     • Traditional access control: a requestor has rights to perform actions on personal data.
     • Privacy-aware access control: the same, plus a privacy extension with further constraints: the purpose the data was collected for, the requestor's intent, the owner's consent, and other constraints.
     It is not just a matter of traditional access control: decisions need to include data purpose, intent and the user's consent. Moving towards a "privacy-aware" access control …

  11. 2nd Example: Privacy-aware Access Control (Consent, Purpose and Intent Mgmt)
     Table T1 holds PII data; table T2 holds the customers' consent, one row per uid with a Marketing flag and a Research flag:

       uid | Name  | Condition          | Diagnosis
       ----+-------+--------------------+-----------
       1   | Alice | Alcoholism         | Cirrhosis
       2   | Rob   | Drug Addicted      | HIV
       3   | Julie | Contagious Illness | Hepatitis

     Enterprise privacy policy (evaluated against the requestor's role and intent; customers' consent is enforced on the data):

       If role == "empl." and intent == "Marketing"
         Then Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
       Else If intent == "Research"
         Then Allow Access (T1.Diagnosis) & Enforce (Consent)
       Else Deny Access

     Enforcement: filter data. The original access is SELECT * FROM T1 with Intent = "Marketing"; the query the enforcer actually runs is:

       SELECT "-", Condition, Diagnosis FROM T1, T2
       WHERE T1.uid = T2.Consent AND T2.Marketing = "YES"

     Filtered data (Name is masked; a row whose owner has not consented to Marketing yields no data):

       uid | Name | Condition          | Diagnosis
       ----+------+--------------------+-----------
       1   | -    | Alcoholism         | Cirrhosis
       2   | -    | -                  | -
       3   | -    | Contagious Illness | Hepatitis

     Note that the two renderings above differ on non-consenting subjects: the WHERE clause drops Rob's row from the result entirely, whereas the filtered table keeps it with every value masked. Either is a defensible enforcement choice, but the enforcer must apply one of them consistently, because applications may depend on the row count and shape of the result.

  12. Privacy Policy Definition and Enforcement: Implicit Approach (no flexibility)
     • Embed privacy policies within applications, queries, services and ad-hoc solutions (privacy policies live inside the business logic that touches personal data)
     • Simple approach
     • It does not scale in terms of policy management
     • It is not flexible and adaptive to changes

  13. Privacy Policy Definition and Enforcement: Explicit Approach (vertical and invasive)
     • Fully deployed privacy management frameworks
     • Explicit management of privacy policies
     • Might require major changes to IT and data infrastructure
     • Usage of vertical solutions
     Current approaches: IBM Privacy Manager; privacy-aware Hippocratic databases

  14. HP Approach: Adaptive, Integrated and Flexible Enforcement of Privacy Policies (positioned between the implicit and the explicit approach)
     • Single solution for explicit management of privacy policies
     • Privacy enforcement by leveraging and extending HP Select Access: its access control framework and easy to use management UI
     • Does not require major changes to applications/services or data repositories

  15. Outline (section divider): Important Privacy Aspects to be Addressed: Privacy Obligation Management

  16. Privacy Obligation Refinement: Abstract vs. Refined
     Obligations can be very abstract: "Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information" (Gramm-Leach-Bliley Act).
     More refined privacy obligations dictate duties and responsibilities with respect to personal information:
     • Notice requirements
     • Enforcement of opt-in/opt-out options
     • Limits on reuse of information and information sharing
     • Data retention limitations …

  17. Setting Privacy Obligations: A Complex Topic …
     Obligations can be classified along several axes:
     • Duration: short-term, long-term, ongoing
     • Enforcement: one-time, event-driven, transactional, other
     • Type: data retention and handling; dependent on access control vs. independent from access control
     • Context: set by the data subject (e.g. "Notify user via e-mail if his data is accessed") or by the enterprise (e.g. "Delete data XYZ after 7 years")
     Open questions: how to represent privacy obligations? How to stick them to personal data? How to manage, enforce and monitor them? How to integrate them into current IDM solutions?

  18. Privacy Obligations: Common Aspects
     • Timeframe (period of validity) of obligations
     • Events/contexts that trigger the need to fulfil obligations
     • Target of an obligation (PII data)
     • Actions/tasks/workflows to be enforced
     • Responsible for enforcing obligations
     • Exceptions and special cases
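The two obligation examples on slide 17 ("notify the user if his data is accessed" and "delete data XYZ after 7 years") and the checklist on slide 18 (target, trigger, action, responsible party, validity window) can be turned into a small obligation manager that is independent of access control: it is fed events and the clock and enforces obligations on its own, writing an audit entry for each enforcement. The following is an added illustration written for this page, not code from HP Labs' Obligation Management System; the record identifier, e-mail address, dates and handler names are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional


@dataclass
class Obligation:
    target: str                             # PII record the obligation is "stuck" to
    action: str                             # duty to perform: "delete", "notify", ...
    responsible: str                        # party accountable for fulfilment
    trigger_event: Optional[str] = None     # event-driven, e.g. "access"
    due_at: Optional[datetime] = None       # time-driven, e.g. a retention deadline
    valid_until: Optional[datetime] = None  # period of validity; None = open-ended
    fulfilled: bool = False


class ObligationManager:
    """Kept separate from access control: it is fed events and the clock and
    enforces obligations itself, writing an audit entry for each enforcement."""

    def __init__(self, handlers: Dict[str, Callable[[Obligation, dict], str]]):
        self.handlers = handlers
        self.obligations: List[Obligation] = []
        self.audit: List[str] = []

    def register(self, ob: Obligation) -> None:
        self.obligations.append(ob)

    def _enforce(self, ob: Obligation, ctx: dict) -> str:
        entry = self.handlers[ob.action](ob, ctx)
        self.audit.append(f"{ob.responsible}: {entry}")
        if ob.trigger_event is None:      # one-time (time-driven) obligations are consumed;
            ob.fulfilled = True           # event-driven ones stay active until valid_until
        return entry

    def on_event(self, event: str, target: str, ctx: dict, now: datetime) -> List[str]:
        """Event-driven obligations, e.g. "notify the user if his data is accessed"."""
        return [self._enforce(ob, ctx) for ob in self.obligations
                if not ob.fulfilled and ob.trigger_event == event and ob.target == target
                and (ob.valid_until is None or now <= ob.valid_until)]

    def tick(self, now: datetime) -> List[str]:
        """Time-driven obligations, e.g. "delete data XYZ after 7 years"."""
        return [self._enforce(ob, {}) for ob in self.obligations
                if not ob.fulfilled and ob.due_at is not None and now >= ob.due_at]


def make_handlers(store: dict) -> Dict[str, Callable[[Obligation, dict], str]]:
    """Actions bound to a constructed PII store; a real deployment would send
    mail and call the repository's delete API instead of touching a dict."""
    def delete(ob: Obligation, ctx: dict) -> str:
        store.pop(ob.target, None)
        return f"deleted {ob.target}"

    def notify(ob: Obligation, ctx: dict) -> str:
        email = store.get(ob.target, {}).get("email", "<unknown>")
        return (f"notified {email}: {ob.target} accessed by "
                f"{ctx.get('requestor', '?')} with intent {ctx.get('intent', '?')}")

    return {"delete": delete, "notify": notify}


def run_scenario() -> dict:
    """Both slide-17 examples against one record: an ongoing notify-on-access
    obligation and a one-time 7-year retention limit (hypothetical data)."""
    store = {"record-42": {"email": "alice@example.org"}}   # constructed PII store
    collected = datetime(2005, 6, 1)
    mgr = ObligationManager(make_handlers(store))
    mgr.register(Obligation("record-42", "notify", "privacy-office", trigger_event="access"))
    mgr.register(Obligation("record-42", "delete", "data-custodian",
                            due_at=collected + timedelta(days=7 * 365)))
    notices = mgr.on_event("access", "record-42",
                           {"requestor": "bob", "intent": "Marketing"},
                           collected + timedelta(days=30))
    too_early = mgr.tick(collected + timedelta(days=365))        # nothing due yet
    deletions = mgr.tick(collected + timedelta(days=7 * 365 + 1))
    return {"notices": notices, "too_early": too_early, "deletions": deletions,
            "record_present": "record-42" in store, "audit": list(mgr.audit)}


if __name__ == "__main__":
    for line in run_scenario()["audit"]:
        print(line)
```

The design point is the one slide 21 argues for: the manager never consults an access control decision; it only needs to be told that an access happened (the enforcer or audit pipeline can raise that event) and to be driven by a scheduler, so obligations survive even when no access control policy is involved. The audit list is what makes fulfilment accountable: every enforcement records who was responsible and what was done.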

  19. Technical Work in this Space [1/2]
     Current approaches to deal with privacy obligations:
     • P3P (W3C):
       - Definition of user's privacy expectations
       - Explicit declaration of enterprise promises
       - No definition of mechanisms for their enforcement
     • Data retention solutions and document management systems:
       - Limited in terms of expressiveness and functionality
       - Focusing more on documents/files than on personal data
     • Ad-hoc solutions for vertical markets

  20. Technical Work in this Space [2/2]
     Recent relevant work done in this space:
     • IBM Enterprise Privacy Architecture, including a policy management system, a privacy enforcement system and audit
     • Initial work on privacy obligations in the context of the Enterprise Privacy Authorization Language (EPAL), led by IBM
     • XACML (OASIS): similar standard proposal
       - No refined model of privacy obligations
       - Privacy obligations subordinated to access control. Incorrect …

  21. Privacy Obligations: Suggested Approach
     • Deal with privacy obligations as "first-class citizens" in the context of enterprises and organisations; recognise their importance for regulatory compliance
     • Recognise the importance of separation of concerns: explore how to explicitly represent, manage and enforce privacy obligations without imposing any dominant view (for example, the authorization perspective)
     • Research and work on longer-term issues, such as accountability, stronger associations of obligations to data, obligation versioning and tracking

  22. Outline (section divider): HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation; Current Support for Privacy

  23. HP OpenView Identity Management (diagram: the life cycle of accounts and policies, registration/creation, propagation, maintenance/management and termination, with compliance, privacy, authentication, authorization, federation, single sign-on and personalization as cross-cutting functions)
     • HP Select Access: authentication; policy-based access control; single sign-on; web services security and access management; personalization
     • HP Select Identity: cross-enterprise user life-cycle management; provisioning; workflow; password management; self service; delegated administration
     • HP Select Federation: open protocol federation; automated inter-organizational user activation and provisioning; privacy management; federation auditing and governance

  24. [1] HP Select Access: access control product covering policy authoring, policy decisions, policy enforcement and auditing

  25. [1] HP Select Access: access control system for the definition, enforcement and auditing of access control policies (architecture screenshot)

  26. [1] Policy Builder: Authoring Access Control Constraints. A high-level, matrix-based UI to set up access control constraints on resources for given users/groups (screenshot)

  27. [1] Rule Editor: fine-grained access control rules. A rule editor for the fine-grained definition of access control policies (screenshot)

  28. [1] HP Select Access: Summary
     • Access control system
     • Fine-grained policy authoring, deployment and enforcement
     • Intuitive and simple to use GUIs
     • Enforcement for web resources
     • Auditing

  29. [2] HP Select Identity
     • Management of identities in organisations
     • Support for self registration and user provisioning
     • Account management across platforms, applications and corporate boundaries

  30. [2] HP Select Identity (architecture diagram: identity management functions and IdM services, workflow, policies, notifications, policy and security, operate on an identity store of users, groups and business relationships; a connector bus links them to the managed systems: Windows, databases, H.R., web SSO, directories, mainframe and business apps, under security and access controls)

  31. [2] HP Select Identity: Summary
     • Centralised management of users and entitlements
     • User provisioning: create, update and delete
     • Administrative delegation
     • User self service
     • Approval workflow
     • Password and profile management
     • Audit and reporting

  32. [3] HP Select Federation
     • Enables web SSO and cross-domain federated identity management
     • No need for a centralised data repository
     • Support for Liberty Alliance, SAML, WS-Federation

  33. [3] HP Select Federation: OpenView Select Federation enables secure, cross-enterprise single sign-on and identity data sharing
     • Supports multiple federation protocols, including Liberty and SAML
     • Supports heterogeneous identity management environments
     • Includes a comprehensive management console
     • Provides extensive audit capabilities
     • Enables policy-based privacy management
     • Enables 1-click smart user activation/provisioning

  34. Outline (section divider): HP Identity Management Portfolio: Current Support for Privacy

  35. HP IDM Solutions: HPL Privacy Extensions (matrix figure: rows for each product and for federated environments, rated as Supported, Can Be Extended or Not Relevant)

  36. Outline (section divider): HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access; Obligation Management System and Integration with HP Select Identity

  37. HPL Work: HP IDM Solutions: HPL Privacy Extensions (same matrix as slide 35, with the cells addressed by the HPL work highlighted; legend: Supported, Can Be Extended, Not Relevant)

  38. Outline (section divider): HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access

  39. Privacy Policy Enforcement: Requirements for HP Select Access
     Core requirements:
     1. Explicit modelling of confidential data
     2. Describe privacy policies based on the content of data, consent, intent and data purpose
     3. Make decisions based on these privacy policies
     4. Enforce these privacy decisions
     • Extend Select Access mainly via its standard APIs to implement the above requirements

  40. Privacy Enforcement in HP Select Access (architecture diagram)
     • Data modelling and privacy policy authoring: the Policy Builder, extended with HPL plug-ins, writes access control policies plus privacy policies (intent, purpose, consent, constraints …) into the policy repository.
     • Privacy policy deployment and decisions: applications and services issue a privacy-aware access request (requestor's intent + request to access data) to the Validator (policy decision point), which returns a privacy-aware decision (grant/deny); HPL plug-ins extend the Validator.
     • Privacy policy enforcement on personal data: alongside the existing enforcer plug-ins for web services, an HPL Data Enforcer mediates privacy-aware access to the repository of personal data + owners' consent.
     • Audit.

  41. Select Access: Privacy Extension [1/4] (requirement 1)
     • Modelling data resources in the SA Policy Builder (screenshot: data resources added to the Policy Builder)

  42. Select Access: Privacy Extension [2/4] (requirement 2)
     • Author privacy policies in the SA Policy Builder via SA plug-ins:
       - Add privacy constraints on "data resources": checking intent vs. purpose, consent, etc.
       - Describe policies whose evaluation yields: "Allow access to data + privacy constraints to be enforced"
     • Rule Editor plug-ins: purpose-based decision plug-in, data filtering plug-in, consent management plug-in, data expiration plug-in
     • Privacy constraints: filtering data; enforcing consent; obfuscating data; transformation of data …

  43. Select Access: Privacy Extension [3/4] (requirement 3)
     Request: data resource + intent + (parameters)
     • Privacy decisions by the SA Validator (PDP): a Validator plug-in makes decisions based on privacy policies (1-1 correspondence with the Policy Builder plug-in)
     • Decisions must support privacy-oriented constraints (to be enforced): "Allow access to data + constraints to be enforced" (e.g. allow access to table "Patients Details", but strip out the columns "Name, Surname, Address")
     • The SA Validator is general purpose. It does not examine confidential data, for performance/logistic reasons.
     • Possible decisions: NO; YES; YES + constraints

  44. Select Access: Privacy Extension [4/4] (requirement 4): privacy constraints enforced by a Data Enforcer …
     • The SA Web Enforcer focuses on web resources. It does not explicitly deal with data resources …
     • Add an SA "Data Enforcer" that:
       - is located near the data repository (performance …)
       - knows how to access/handle data and "queries"
       - knows how to enforce privacy constraints
       - can support "query rewriting" (i.e. filtering, etc.)
     • The new SA "Data Enforcer" (a data proxy) is designed to have:
       - a general purpose engine with a Validator plug-in (to interact with the SA Validator via the Enforcer API)
       - ad-hoc constraint enforcement engines (plug-ins) for different data sources, to interpret and enforce privacy decisions (e.g. RDBMS, LDAP servers, virtual directories, meta-directories, …)
     Flow: access request + intent goes in; only the data the requestor is allowed to access comes out.

  45. Data Enforcer SQL Query Transformation
     Original SQL query:

       SELECT * FROM PatientRecords;

     SQL query transformed by the Data Enforcer (pre-processing):

       SELECT PatientRecords.NAME, PatientRecords.DoB, PatientRecords.GENDER, '-' AS SSN,
              PatientRecords.ADDRESS, PatientRecords.LOCATION, PatientRecords.EMAIL,
              PatientRecords.COMM, PatientRecords.LIFESTYLE, '-' AS GP, '-' AS HEALTH,
              '-' AS CONSULTATIONS, '-' AS HOSPITALISATIONS, '-' AS FAMILY, '-' AS Username
       FROM PatientRecords, PrivacyPreferences
       WHERE PatientRecords.Name = PrivacyPreferences.Name
         AND PrivacyPreferences.Marketing = 'Yes';

     The columns the policy withholds (SSN, GP, HEALTH, CONSULTATIONS, HOSPITALISATIONS, FAMILY, Username) are replaced by the constant '-' under the original column name, so the result keeps the shape the application expects, and the join with PrivacyPreferences restricts the rows to patients who have consented to Marketing. One check worth making before deploying such a rewrite: the join key here is Name, which is not unique, so two patients with the same name would share a consent decision; consent should be keyed on a stable identifier (such as the uid in the earlier example).
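The decision/enforcement split of slides 43 to 45, and the slide-11 policy it implements, as one runnable illustration: a Validator-style function returns NO, YES or YES + constraints, and a Data-Enforcer-style function rewrites `SELECT * FROM T1` into a query that masks withheld columns and honours per-purpose consent, executed here against an in-memory SQLite database. This is an added example written for this page, not HP Labs' Select Access plug-in code; the tables, rows and consent flags are constructed to match the slide-11 example (the Research consent values are assumed), and the masking of non-consenting rows follows the filtered table on slide 11 rather than the row-dropping WHERE clause.

```python
import sqlite3

# Constructed sample tables modelled on slide 11: T1 holds PII, T2 holds
# per-purpose consent flags keyed on uid. Research flags are assumed.
T1_ROWS = [
    (1, "Alice", "Alcoholism", "Cirrhosis"),
    (2, "Rob", "Drug Addicted", "HIV"),
    (3, "Julie", "Contagious Illness", "Hepatitis"),
]
T2_ROWS = [  # (uid, Marketing, Research)
    (1, "Yes", "Yes"),
    (2, "No", "Yes"),
    (3, "Yes", "No"),
]
T1_COLUMNS = ("uid", "Name", "Condition", "Diagnosis")
CONSENT_PURPOSES = ("Marketing", "Research")


def decide(role, intent):
    """Validator side (PDP). Returns None for NO, otherwise the YES + constraints
    outcome: (columns the requestor may see, consent purpose to enforce).
    This is the slide-11 rule written out; it never touches the data itself."""
    if role == "employee" and intent == "Marketing":
        return (("Condition", "Diagnosis"), "Marketing")
    if intent == "Research":
        return (("Diagnosis",), "Research")
    return None


def rewrite_select_all(decision):
    """Data Enforcer side: turn `SELECT * FROM T1` into a query that replaces
    withheld columns with '-' and masks every non-uid value of a row whose
    subject has not consented to the requestor's purpose. The row is kept so
    the caller still receives the result shape it asked for."""
    allowed, purpose = decision
    # Identifiers are interpolated into SQL, so they are checked against a
    # fixed whitelist first; anything else is refused rather than trusted.
    if purpose not in CONSENT_PURPOSES:
        raise ValueError(f"unknown consent purpose {purpose!r}")
    for col in allowed:
        if col not in T1_COLUMNS:
            raise ValueError(f"unknown column {col!r}")
    items = []
    for col in T1_COLUMNS:
        if col == "uid":
            items.append("T1.uid")
        elif col in allowed:
            items.append(f"CASE WHEN T2.{purpose} = 'Yes' THEN T1.{col} ELSE '-' END AS {col}")
        else:
            items.append(f"'-' AS {col}")
    return ("SELECT " + ", ".join(items)
            + " FROM T1 LEFT JOIN T2 ON T1.uid = T2.uid ORDER BY T1.uid")


def privacy_aware_query(role, intent):
    """End to end: request + intent -> decision -> rewritten query -> filtered rows."""
    decision = decide(role, intent)
    if decision is None:
        raise PermissionError(f"intent {intent!r} is not allowed for role {role!r}")
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, Condition TEXT, Diagnosis TEXT)")
    conn.execute("CREATE TABLE T2 (uid INTEGER PRIMARY KEY, Marketing TEXT, Research TEXT)")
    conn.executemany("INSERT INTO T1 VALUES (?, ?, ?, ?)", T1_ROWS)
    conn.executemany("INSERT INTO T2 VALUES (?, ?, ?)", T2_ROWS)
    rows = conn.execute(rewrite_select_all(decision)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    print(rewrite_select_all(decide("employee", "Marketing")))
    for row in privacy_aware_query("employee", "Marketing"):
        print(row)
```

Two points the code makes that the slides leave implicit: the Validator returns only a decision and never reads the confidential data (slide 43), so the consent check has to be pushed into the query the Data Enforcer runs next to the repository (slide 44); and because the enforcer builds SQL from policy-supplied identifiers, it must whitelist column and purpose names before interpolating them, otherwise a malformed policy becomes an injection path into the very table it is meant to protect.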

  46. Data Enforcer: Performance Based on Type of Queries

  47. Demo: HealthCare Scenario (architecture diagram: the user's web browser reaches a web portal protected by the SA Web Enforcer; web services access PII data via SQL through a JDBC proxy that hosts the SA Data Enforcer and its privacy plug-ins in front of the personal data database; the SA Validator with privacy plug-ins and the SA Policy Builder, backed by LDAP directories, provide the decisions and the policies)

  48. Demo Snapshot

  49. Demo Snapshot: effect of applying the privacy policy (data filtering) and effect of enforcing customers' consent

  50. Benefits: rationalization and simplification of policy management and enforcement solutions
     • Integration of:
       - Resource management: data, IT resources, web resources, …
       - Management of access control and privacy policies
       - Policy authoring and administration GUI
       - Policy deployment and enforcement framework