On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The...

21
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprises IEEE Policy Workshop 2007 Marco Casassa Mont ([email protected]) Hewlett-Packard Labs

Transcript of On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The...

Page 1: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice

On Parametric Obligation Policies:Enabling Privacy-aware Information Lifecycle Management in Enterprises

IEEE Policy Workshop 2007

Marco Casassa Mont([email protected])

Hewlett-Packard Labs

Page 2: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Presentation Outline

• Background on Privacy Obligation Management

• Addressed Problem and Related Work

• Scalable Obligation Management

• Conclusions

Page 3: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Presentation Outline

• Background on Privacy Obligation Management

• Addressed Problem and Related Work

• Scalable Obligation Management

• Conclusions

Page 4: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

4 13 June, 2007

Privacy Legislation(EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …)

Customers’Expectations

Internal Guidelines

Regulatory ComplianceCustomers’Satisfaction

Positive Impact onReputation, Brand,Customer Retention

PersonalData

Applications& Services

PEOPLEENTERPRISE

Privacy: Impact on Users and Enterprises

Page 5: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

5 13 June, 2007

Privacy Obligation Policies

• Privacy Obligations are Policies that describe Duties and Expectations on how Personal Data (PII) Should be Managed in Enterprises (e.g.Data Deletion, Retention, Notifications, Data Transformation, …)

• They dictate “Privacy-aware (Identity) Information Lifecycle Management”

• They can be defined by Privacy Laws, Data Subjects (Users)’ Preferences and Enterprise Guidelines

Privacy PoliciesPrivacy Policies

PrivacyRights

PrivacyPermissions

PrivacyObligations Enterprise

Identity ManagementSolutions

EnterpriseIdentity Management

Solutions

Enterprise Data Repositories

IdentityLifecycleManagement

Privacy Obligations

Page 6: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

6 13 June, 2007

Privacy Obligations: A Complex Topic …

“Delete Data XYZ after 7 years”

Short-term

Long-term

Duration

One-time

Ongoing

Enforcement

Context

Dependenton Access Control

Independentfrom Access Control

Data Subject

Setting

Enterprise

TypesTransactional Data

Retention &Handling

OtherEvent-driven

Obligations

“Notify User via e-mail If his/her Data is Accessed”

Obligation Constraints:

• Notice Requirements

• Enforcement of opt-in/opt-out options

• Limits on reuse of Information

and Information Sharing

• Data Retention

limitations …

Page 7: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Presentation Outline

• Background on Privacy Obligation Management

• Addressed Problem and Related Work

• Scalable Obligation Management

• Conclusions

Page 8: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

8 13 June, 2007

Key Research Problems

• How to Help Enterprises to Handle Obligation Policies:− How to Represent Privacy Obligations? − How to “Stick” them to Data?− How to Manage, Enforce and Monitor Them? − How to Leverage Current Identity Management Solutions?

• How to Achieve this in a Scalable Way, withVery Large Sets of Managed Personal Data (>100K, usually million of records …)

Page 9: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

9 13 June, 2007

Technical Work in this Space (Privacy Obligation Management)

- P3P (W3C):- Definition of User’s Privacy Expectations - Explicit Declaration of Enterprise Promises - No Definition of Mechanisms for their Enforcement

- Data Retention Solutions, Document Management Systems, Ad-hoc Solutions for Vertical Markets

- Limited in terms of expressiveness and functionalities. - Focusing more on documents/files not personal data

- IBM Enterprise Privacy Architecture, EPAL, XACML …

- No Refined Model of Privacy Obligations - Privacy Obligations Subordinated to AC. Incorrect …- No Focus on Scalability Issue …

Page 10: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Presentation Outline

• Background on Privacy Obligation Management

• Addressed Problem and Related Work

•Scalable Obligation Management

• Conclusions

Page 11: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

11 13 June, 2007

• Privacy Obligations are “First-Class Entities”: No Subordination to Access Control/Authorization View

Explicit Representation, Managementand Enforcement of Privacy Obligation Policies

• Allow Users to Express their Privacy Preferencesthat are Mapped into Enterprises’ Obligation Policies

• Scalability to Large data sets (>100K) by means of Parametric Obligation Policies

• Provide a Solution to Enterprises to Automate the Managementand Enforcement of Privacy Obligation Policies

Our Approach (EU PRIME Project)

Page 12: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

12 13 June, 2007

ObligationManagementFramework

ObligationsScheduling

ObligationsEnforcement

ObligationsMonitoring

PersonalData (PII) &Preferences

Users

ENTERPRISE

Our Model: Obligation Management Framework [1/2]

Administrators

Parametric Obligations

PrivacyPreferences

Page 13: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

13 13 June, 2007

Data Subjects(Users)

Personal Data +

Privacy Preferences

ENTERPRISE

ObligationManagementSystem (OMS)

Personal DataPrivacy Preferences

(Deletion, Notification,etc.)

EnterpriseData Repositories

Privacy Prefs.

Privacy Preferences

N:1 Association

ParametricObligation1

ParametricObligationsderived fromTemplates

(Admin)

ParametricObligation2

Our Model: Obligation Management Framework [2/2]

EnterpriseIdentity

ManagementSolutions

EnterpriseIdentity

ManagementSolutions

Personal Data

Page 14: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

14 13 June, 2007

Parametric (Privacy) Obligation Policies

• Parametric Obligation: contains a “parametric definition” of Obligation’s Target, Events, Actions (and On-Violation Actions …)

• Structure based on Predefined Obligation Templates. Once Instantiated, it contains References to Personal Data and Privacy Preferences

• References are Resolved at Runtime by OMS

Target

Actions

Events

PII Data

Parametric Obligation

On Violation Actions

Preferences

Target +References

Parametric Obligation (Reactive Rule)FOR: TargetWHEN Events(Refs)THEN EXECUTE [Actions(Refs)]ON VIOLATION:

EXECUTE [Violation-Actions(Refs)]

Page 15: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

15 13 June, 2007

Parametric Obligation: “Simple” XML-based Example …

<obligation ObligationId=“OBLID1”><target>

<DataRepositories> <Repositories>

<DataRepository alias= "CDB"><drType>RDBMS_DATABASE </drType><DBname>oms_demo-customerdb</DBname><TableName>piidata</TableName> <Conditions>

<Condition> ZipCode != '' </Condition></Conditions> <UniqueIdentifier>

<References><Reference>@key:UID</Reference>

</References></UniqueIdentifier>

</DataRepository></Repositories><InternalLinks>

<Link> </Link></InternalLinks>

</DataRepositories><PreferenceRepositories>

<Repositories><DataRepository alias= "PPDB">

<drType>RDBMS_DATABASE </drType><DBname>oms_demo-soms</DBname><TableName>privacypreferences</TableName><UniqueIdentifier>

<References><Reference>@key:UID</Reference>

</References></UniqueIdentifier>

</DataRepository></Repositories> <InternalLinks>

<Link> </Link></InternalLinks>

</PreferenceRepositories><CrossLinks>

<Link> CDB.UID = PPDB.UID </Link></CrossLinks>

</target>

<metadata><type>Parametric</type><description>

Delete creditcard WHEN Timeout Occurs </description>

</metadata><events operator="OR">

<event id="e1"><type>TIMEOUT</type><date now="no">

[#ref] NOW > PPDB.GeneralTimePreference</date>

</event> </events><actions>

<action id="a1"><type>DELETE</type><data attr="part">

<item> [#ref] CDB.CreditCardReference </item><item> [#ref] CDB.CreditCardNumber </item><item> [#ref] CDB.CreditCardExpirationDate </item>

</data></action><action id="a2">

<type>NOTIFY</type><method>EMAIL</method><to> [#ref] CDB.Email </to><text> some e-mail text here </text>

</action></actions>

<onviolation><attempts> 50 </attempts><ovaction id="ova1">

<type> REENFORCE </type><do> Only-Violated </do>

</ovaction><ovaction id="ova2">

<type>NOTIFY</type><method>EMAIL</method><to> [#val] [email protected] </to>

<text> some e-mail text here </text></ovaction>

</onviolation></obligation>

Target with the references description of the databases

Timeout Event using the explicit reference

Actions involving the Notification and Data Deletion

On Violation Actionsusing the direct value

FOR ALL TARGETED PII DATA + RELATED PREFS WHEN Deletion_Time (Ref) THEN EXECUTE [DELETE CreditCard (Ref) & Notify (Ref)]ON VIOLATION: EXECUTE [Notify(admin)]

Page 16: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

16 13 June, 2007

PrivPref.TimePref > now()

Events

• Target− Data Model Definition (PII Data, Preferences, etc.)− Uses Alias to identify each data model

• Events− Uses the “Alias + References” to get the data to trigger the action

• Actions− Uses the “Alias + References” to acquire additional information to enforce

the action

Parametric Obligation: Working with References …

Alias = PrivPref Alias = MyPII

Privacy Preferences PII Data

Target

MyPII.e-Email

ActionsData Models

PrivPref MyPII

Page 17: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

17 13 June, 2007

Obligation Processing Workflow (Run-time …)

Target

Events

Actions

OnViolationActions

Identify Relevant Personal Data and Privacy Preferences

External Events Happen

Yes

No

Parametric Obligation Policy

Data Repository

Preference Repository

Solving the Events References by building

dynamically SQL queries

Event Trigger a parametric obligation on a given piece of

data ?

Update StatefulEvents

Enforce the Actions by solving the Actions References building dynamical SQL queries

Scalable Obligation Database

Page 18: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

18 13 June, 2007

Scalable OMS High-Level Architecture

Obligation Server

ObligationScheduler

ObligationEnforcer

Action Adaptors

Workflows

Obligation Monitoring Service

Monitoring Task Handler

EventsHandler

InformationTracker

Audit Server

DataSubjects Privacy-enabled

Portal Admins

Admins

ENTE

RPR

ISE

Applications and Services

Obligation Store& Versioning Confidential Data

Privacy Prefs

DataRef.

Privacy Preferences Repository

Parametric Obligation UID

Setting Parametric Obligations

Setting Privacy Preferences on Personal DataMonitoring

Privacy Obligations

EnforcingPrivacy

Obligations

Current Status- Full working prototype. Tested with Large data sets (>100K)- Integrated with HP OpenView Identity Management Solution (HP Select Identity)- Working on further Tests and Analysing them …

Page 19: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Presentation Outline

• Background on Privacy Obligation Management

• Addressed Problems and Related Work

•Scalable Obligation Management

• Conclusions

Page 20: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

20 13 June, 2007

Conclusions

• Privacy Management is Important for Enterprises

• Need to Provide Scalable Solutions to Handle Privacy Obligations

• Proposed a Scalable Obligation Management Framework and Solution

- Explicit Modelling and Management of Obligation Policies

- Concept of Parametric Obligation Policies

• It Works!! Handling Obligations on Large set of PII Data (>100k)

• Collecting Test Results and more Formal Analysis …• R&D Work in Progress:

− Stickiness of Obligation Policy to Data (subject to change of locations)− Management of Obligation Policies in Federated Identity Management

Contexts - …

Page 21: On Parametric Obligation Policies€¦ · © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice On Parametric Obligation

Parametric Versus Non Parametric Statistics

Parametric Versus Non Parametric Statistics

Bloomberg L.P., (2012), FWCV Forward Analysis Matching Output. Bloomberg L.P..pdf

Bloomberg L.P., (2012), FWCV Forward Analysis Matching Output. Bloomberg L.P..pdf

"General" Obligation Not a "General Obligation Bond?

"General" Obligation Not a "General Obligation Bond?

Thinking Parametric Design- Introducing Parametric Gaudi

Thinking Parametric Design- Introducing Parametric Gaudi

Renewables Obligation: Sustainability Reporting · The Renewables Obligation (RO), the Renewables Obligation (Scotland) (ROS) and the Northern Ireland Renewables Obligation (NIRO)

Renewables Obligation: Sustainability Reporting · The Renewables Obligation (RO), the Renewables Obligation (Scotland) (ROS) and the Northern Ireland Renewables Obligation (NIRO)

Parametric & Non-parametric Parametric Non-Parametric A parameter to compare Mean, S.D. Normal Distribution & Homogeneity No parameter is compared.

Parametric & Non-parametric Parametric Non-Parametric A parameter to compare Mean, S.D. Normal Distribution & Homogeneity No parameter is compared.

2014 FLORIDA FIRE PREVENTION CODE · 2019. 1. 9. · X X X X X X X X X X X X X X X X PROPERTY LINE N01°23'40"W 41.41' L.P. L.P. L.P. L.P. L.P. L.P. L.P. L.P. L.P. 175.00' 74.70'

2014 FLORIDA FIRE PREVENTION CODE · 2019. 1. 9. · X X X X X X X X X X X X X X X X PROPERTY LINE N01°23'40"W 41.41' L.P. L.P. L.P. L.P. L.P. L.P. L.P. L.P. L.P. 175.00' 74.70'

L.P. Bridge Builders

L.P. Bridge Builders

The Blackstone Group L.P....collateralized loan obligation (“CLO”), real estate investment trusts and registered investment companies that are managed by Blackstone. “Our carry

The Blackstone Group L.P....collateralized loan obligation (“CLO”), real estate investment trusts and registered investment companies that are managed by Blackstone. “Our carry

Parametric Modeling with Creo Parametric 2...Randy H. Shih Parametric Modeling with Creo Parametric 2.0 An Introduction to Creo Parametric 2.0 SDC Better Textbooks. Lower Prices. ...

Parametric Modeling with Creo Parametric 2...Randy H. Shih Parametric Modeling with Creo Parametric 2.0 An Introduction to Creo Parametric 2.0 SDC Better Textbooks. Lower Prices. ...

Non-parametric statistics Dr David Field. Parametric vs. non-parametric The t test covered in Lecture 5 is an example of a “parametric test” Parametric.

Non-parametric statistics Dr David Field. Parametric vs. non-parametric The t test covered in Lecture 5 is an example of a “parametric test” Parametric.

NUSTAR ENERGY L.P.

NUSTAR ENERGY L.P.

Parametric & Non-parametric

Parametric & Non-parametric

Dear Shareholders, · Company, L.P. As of March 31, 2020, Nuvo’s outstanding principal debt obligation is US$107.3 million. Since January 1, 2020, we have repaid $11.5 million of

Dear Shareholders, · Company, L.P. As of March 31, 2020, Nuvo’s outstanding principal debt obligation is US$107.3 million. Since January 1, 2020, we have repaid $11.5 million of

California; General Obligation; General Obligation ...

California; General Obligation; General Obligation ...

ALLIANCEBERNSTEIN HOLDING L.P.

ALLIANCEBERNSTEIN HOLDING L.P.

Semi-parametric and Parametric Inference of Extreme …amir.eng.uci.edu/publications/10_Extr_Rain_WRM.pdf · 2010-03-27 · Semi-parametric and Parametric Inference of Extreme ...

Semi-parametric and Parametric Inference of Extreme …amir.eng.uci.edu/publications/10_Extr_Rain_WRM.pdf · 2010-03-27 · Semi-parametric and Parametric Inference of Extreme ...

Sunoco Pipeline L.P.

Sunoco Pipeline L.P.

Parametric Modeling with Creo Parametric 7

Parametric Modeling with Creo Parametric 7

5. Non-Parametric TechniquesNon Non--Parametric Techniques Parametric … · 2009-10-19 · Non Non Non-Parametric Techniques-Parametric Techniques Parametric Techniques • All Parametric

5. Non-Parametric TechniquesNon Non--Parametric Techniques Parametric … · 2009-10-19 · Non Non Non-Parametric Techniques-Parametric Techniques Parametric Techniques • All Parametric