Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Management with HP OpenView Identity Management

Published byJosé Ramón Castellanos Franco Modified over 5 years ago

Similar presentations

Presentation on theme: "Privacy Management with HP OpenView Identity Management"— Presentation transcript:

1 Privacy Management with HP OpenView Identity Management
Presentation Title Privacy Management with HP OpenView Identity Management Archie Reed Marco Casassa Mont Director of Strategy, Senior Researcher Identity Management, HP TSL, HP Labs, Bristol, UK Tutorial Id: TH-1400/4

2 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline

3 Privacy: An Important Aspect of Regulatory Compliance
Presentation Title PRIVACY Regulatory Compliance (Example of Process) Regulations (incomplete list …) November 29, 2018

4 Impact on Enterprises and Opportunities
Presentation Title Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …) Customers’ Expectations Internal Guidelines Personal Data Applications & Services PEOPLE ENTERPRISE Regulatory Compliance Customers’ Satisfaction Positive Impact on Reputation, Brand, Customer Retention November 29, 2018

5 Systems/Applications/Services Confidential/Personal Data
Data Governance and Policy Management (Including Privacy Policies): Gaps Presentation Title Policy Development and Modelling Monitoring, Audit, Reporting and Policy Management Data Inventory People/Roles Systems/Applications/Services Gap and Risk Analysis Policy Enforcement Confidential/Personal Data Policy Deployment November 29, 2018

6 Privacy For Personal Data: Core Principles
Presentation Title Limited Retention Limited Disclosure Limited Use Limited Collection Consent Purpose Specification Privacy Rights Permissions Obligations Privacy Policies November 29, 2018

7 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management Outline

8 Terminology: Consent, Intent, Data Purpose, Privacy Policy
Presentation Title to access personal data they need to express their INTENT i.e. how they intend to use these data P.S.: INTENT could be hard coded in applications or part of role definitions Data Requestors Request for DATA + INTENT Applications & Services Data Subject CONSENT is given by data subjects for the usage of their Personal Data (PII) for predefined PURPOSES Personal DATA + CONSENT Personal Data (PII) + Consent Privacy Office & Privacy Admins PRIVACY POLICIES: How data must be managed. What can be accessed by requestors, given their INTENT, the PURPOSE of Collecting the Data and CONSENT given by data subjects Definition of the PURPOSES data are collected for ENTERPRISE November 29, 2018

9 Privacy Enforcement for Personal Data: Principles and Implications
Presentation Title Access Control Implications Privacy Enforcement: Limited Retention Limited Disclosure Limited Use Limited Collection Consent Purpose Specification Privacy Policies November 29, 2018

10 Moving Towards a “Privacy-Aware” Access Control …
Privacy Enforcement on Data: Access Control + “Intent, Purpose, Consent, …” Presentation Title Access Control Privacy Extension Personal Data Purpose Requestor’s Intent Constraints Requestor Actions Rights Owner’s Consent Privacy-Aware Access Control Other… Personal Data Requestor Actions Rights Access Control Traditional Access Control It is not just a matter of traditional access control: need to include data purpose, intent and user’s consent Moving Towards a “Privacy-Aware” Access Control … November 29, 2018

11 Enterprise Privacy Policies &
2nd Example: Privacy-aware Access Control Consent, Purpose and Intent Mgmt Presentation Title Table T1 with PII Data and Customers’ Consent Enterprise Privacy Policies & Customers’ Consent T1 HIV Drug Addicted Rob 2 Hepatitis Contagious Illness Julie 3 Cirrhosis Alcoholic Alice 1 Diagnosis Condition Name uid If role==“empl.” and intent == “Marketing” Then Allow Access (T1.Condition,T1.Diagnosis) & Enforce (Consent) Else If intent == “Research” Then Allow Access (T1.Diagnosis) Else Deny Access T2 2 3 1 Research Marketing Consent x Access Table T1 (SELECT * FROM T1) Intent = “Marketing” Privacy Policy Enforcement Enforcement: Filter data SELECT “-”,Condition, Diagnosis FROM T1, T2 WHERE T1.uid=T2.Consent AND T2.Marketing=“YES” Hepatitis Contagious Illness - 3 2 Cirrhosis Alcoholism 1 Diagnosis Condition Name uid Filtered data November 29, 2018

12 Definition and Enforcement
Implicit Approach to Enforce Privacy Policies: No Flexibility Presentation Title Implicit Privacy Policy Definition and Enforcement Embed privacy policies within applications, queries, services/ad-hoc solutions Simple Approach It does not scale in terms of policy management It is not flexible and adaptive to changes Applications & Services Business logic Privacy policies Personal Data November 29, 2018

13 Definition and Enforcement
Explicit Approach to Enforce Privacy Policies: Vertical and Invasive Presentation Title Explicit Privacy Policy Definition and Enforcement Current Approaches Fully deployed Privacy Management Frameworks Explicit Management of Privacy Policies Might require major changes to IT and data infrastructure Usage of Vertical Solutions IBM Privacy Manager Privacy-aware Hippocratic Databases November 29, 2018

14 Definition and Enforcement
HP Approach: Adaptive, Integrated and Flexible Enforcement of Privacy Policies Presentation Title Privacy Policy Definition and Enforcement Implicit Explicit HP Approach Single solution for explicit management of Privacy Policies Privacy Enforcement by Leveraging and Extending HP Select Access Access Control Framework and easy to use management UI Does not require major changes to Applications/Services or Data Repositories November 29, 2018

15 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management Outline

16 the security and confidentiality of customer information”
Privacy Obligation Refinement: Abstract vs. Refined Presentation Title Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” Gramm-Leach-Bliley Act More refined Privacy Obligations dictate Duties and Responsibilities with respect of Personal Information: Notice Requirements Enforcement of opt-in/opt-out options Limits on reuse of Information and Information Sharing Data Retention limitations … November 29, 2018

17 Privacy Obligations: A Complex Topic …
Presentation Title Privacy Obligations: A Complex Topic … Short-term Long-term Duration One-time Ongoing Enforcement “Delete Data XYZ after 7 years” “Notify User via 1 If his Data is Accessed” Types Transactional Data Retention & Handling Other Event-driven Obligations Context Dependent on Access Control Independent from Access Data Subject Setting Enterprise “How Represent Privacy Obligations? How to Stick them to Personal Data? How to Manage, Enforce and Monitor them? How to Integrate them into current IDM solutions?” November 29, 2018

18 Privacy Obligations: Common Aspects
Presentation Title Timeframe (period of validity) of obligations Events/Contexts that trigger the need to fulfil obligations Target of an obligation (PII data) Actions/Tasks/Workflows to be Enforced Responsible for enforcing obligations Exceptions and special cases November 29, 2018

19 Technical Work in this Space [1/2]
Presentation Title Current Approaches to Deal with Privacy Obligations: - P3P (W3C): - Definition of User’s Privacy Expectations - Explicit Declaration of Enterprise Promises - No Definition of Mechanisms for their Enforcement Data Retention Solutions and Document Management Systems. - Limited in terms of expressiveness and functionalities. - Focusing more on documents/files not personal data - Ad-hoc Solutions for Vertical Markets November 29, 2018

20 Recent relevant Work done in this Space:
Technical Work in this Space [2/2] Presentation Title Recent relevant Work done in this Space: IBM Enterprise Privacy Architecture, including a policy management system, a privacy enforcement system and audit Initial work on privacy obligations in the context of Enterprise Privacy Authorization Language (EPAL) lead by IBM XACML (OASIS): similar standard proposal - No Refined Model of Privacy Obligations - Privacy Obligations Subordinated to AC. Incorrect … November 29, 2018

21 Privacy Obligations: Suggested Approach
Presentation Title Privacy Obligations: Suggested Approach Deal with Privacy Obligations as “first-class citizens” in the context of Enterprises and Organisations – recognise its importance for Regulatory Compliance Recognise the Importance of Separation of Concerns: explore how to explicitly represent, manage and enforce privacy obligations without imposing any dominant view (for example, the authorization perspective) Research and Work on Longer-term Issues, such as accountability, stronger associations of obligations to data, obligation versioning and tracking November 29, 2018

22 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy

23 HP OpenView Identity Management
Presentation Title Registration/ Creation Propagation Accounts & Policies Authentication Authorization Compliance Privacy Federation Single Sign-On Maintenance/ Management Termination Personalization HP Select Identity Cross-enterprise user life-cycle management Provisioning Workflow Password management Self Service Delegated administration HP Select Access Authentication Policy-based Access control Single sign-on Web Services Security &Access Mgmt Personalization HP Select Federation Open protocol federation Automated inter-organizational user activation & provisioning Privacy management Federation auditing & governance November 29, 2018

24 Access Control product Policy Authoring Policy Decisions
Presentation Title [1] HP Select Access Access Control product Policy Authoring Policy Decisions Policy Enforcement Auditing November 29, 2018

25 Presentation Title [1] HP Select Access Access Control System: Definition, Enforcement and Auditing of Access Control Policies November 29, 2018

26 Authoring Access Control Constraints
[1] Policy Builder: Authoring Access Control Constraints Presentation Title High-Level matrix-based UI to set-up access control constrains on resources given users/groups November 29, 2018

27 fine grained Access Control Rules
[1] Rule Editor: fine grained Access Control Rules Presentation Title Rule editor for fine-grained definition of access control policies November 29, 2018

28 [1] HP Select Access: Summary
Presentation Title [1] HP Select Access: Summary Access Control System Fine-grained Policy Authoring, Deployment and Enforcement Intuitive and Simple to use GUIs Enforcement for Web Resources Auditing November 29, 2018

29 Management of Identities in Organisations
Presentation Title [2] HP Select Identity Management of Identities in Organisations Support for Self Registration and User Provisioning Account Management across Platforms, Applications and Corporate Boundaries November 29, 2018

30 Security & Access Controls Identity Management Functions
Presentation Title [2] HP Select Identity Connector Bus Windows Databases H.R. Web SSO Directories Business Apps Mainframe Policy & Security Security & Access Controls Identity Management Functions Workflow Policies Notifications IdM Services Business Relationships Identity Store (users) Groups November 29, 2018

31 [2] HP Select Identity: Summary
Presentation Title [2] HP Select Identity: Summary Centralised Management of Users and Entitlements User Provisioning: create, update and delete Administrative Delegation User Self Service Approval Workflow Password & Profile Management Audit and Reporting November 29, 2018

32 Enables web SSO and Cross Domain Federated Identity Management
Presentation Title [3] HP Select Federation Enables web SSO and Cross Domain Federated Identity Management No need for Centralised Data Repository Support for Liberty Alliance, SAML, WS Federation November 29, 2018

33 [3] HP Select Federation
Presentation Title [3] HP Select Federation OpenView Select Federation enables secure, cross-enterprise single sign-on and identity data sharing Supports multiple federation protocols, including Liberty and SAML Supports heterogeneous identity management environments Includes a comprehensive management console Provides extensive audit capabilities Enables policy-based privacy management Enables 1-click smart user activation/provisioning Federation Protocol Agnostic OVSF supports all the leading federation protocol standards so that your enterprise can federate with any business partner without the need to worry about the future of any particular protocol. Supports SAML 1.0/1.1, Liberty ID-FF 1.1/1.2, Liberty ID-WSF 1.0, Liberty ID-PP 1.0, Liberty ID-EP 1.0, Liberty LECP, and soon will support SAML 2.0 and WS-Federation Identity System Independent OVSF is available as a stand-alone server, or integrated with Select Access. As a stand-alone server it is capable of integrating with your existing identity system, whether it is home grown or from another vendor. This allows you to preserve your investments while building for the future Comprehensive Management Console OFSF provides a simple yet comprehensive administrative interface for configuring and managing your enterprises federations, thus hiding the complexity of the underlying protocols. The administrative interface is entirely web based providing easy deployment, firewall traversal, and ubiquitous access. Extensive Audit All administrative and operational actions can be audited and reported upon providing accountability within and across organizations. This is an important part of regulatory compliance Privacy Management End users can specify what personal information can be released to whom. User consent (opt-in) for federations and attribute release can be controlled, audited, and reported upon. One-touch user activation/provisioning With OVSF, the act of a user federating with a partner site can trigger the provisioning of user attribute information to that partner for account activation/creation on their end. J2EE Architecture A 100% Java architecture built on the J2EE environment provides scalability, fail-over, and load balancing across 100s of servers and millions of users November 29, 2018

34 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy

35 HP IDM Solutions: HPL Privacy Extensions
Presentation Title HP IDM Solutions: HPL Privacy Extensions HP Select Access HP Select Identity HP Select Federation Data Modelling & Management Privacy-aware Policy Authoring Privacy-aware Policy Deployment Privacy-aware Policy Enforcement (Access Control) Obligation Management & Enforcement Audit & Reporting Federated Environments Federated Environments Federated Environments Supported Can Be Extended Not Relevant November 29, 2018

36 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity

37 HP IDM Solutions: HPL Privacy Extensions
Presentation Title HP IDM Solutions: HPL Privacy Extensions HP Select Access HP Select Identity HP Select Federation Data Modelling & Management Privacy-aware Policy Authoring Privacy-aware Policy Deployment Privacy-aware Policy Enforcement (Access Control) Obligation Management & Enforcement Audit & Reporting HPL Work Federated Environments Federated Environments Federated Environments Supported Can Be Extended Not Relevant November 29, 2018

38 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity

39 Privacy Policy Enforcement: Requirements for HP Select Access
Presentation Title Core requirements: 1 Explicit Modelling of Confidential Data Describe Privacy Policy based on the Content of Data, Consent, Intent and Data Purpose Make Decisions based on these Privacy Policies Enforce these Privacy Decisions 2 3 4 Extend Select Access mainly via its Standard APIs to implement the above requirements November 29, 2018

40 AccessControl Policies
Privacy Enforcement in HP Select Access Presentation Title HPL Plug-ins Privacy Policy Deployment & Decisions Validator (Policy Decision) Policy Builder AccessControl Policies Audit Repository Enforcer Plug - in Access Request Grant/Deny Web Services Personal Data + Owners’ Consent Applications, Services, Privacy-aware Access to Data HPL Data Enforcer Requestor’s Intent + Request to Access Data Privacy- aware Decision Data Access Privacy- aware Access Request Privacy Policy Enforcement On Personal Data HPL Plug-ins + Privacy Policies (intent, purpose, consent, constraints…) Data Modelling & Privacy Policy Authoring November 29, 2018

41 Select Access: Privacy Extension [1/4]
Presentation Title Modelling Data Resources in SA Policy Builder: 1 Data Resources Added to Policy Builder November 29, 2018

42 Select Access: Privacy Extension [2/4]
Presentation Title Author Privacy Policies in SA Policy Builder via SA Plug-ins: Add Privacy Constraints on “Data Resources”: checking Intent vs. Purpose, Consent, etc. Describe Policies the evaluation of which is: “Allow Access to Data + Privacy Constraints to be Enforced” 2 Rule Editor Purpose-based Decision plug-in Data Filtering plug-in Consent Management plug-in Data Expiration plug-in Privacy Constraints: - Filtering data - Enforce Consent - Obfuscating data - Transformation of Data … November 29, 2018

43 Select Access: Privacy Extension [3/4]
Presentation Title 3 Request: Data Resource + Intent+ (Parameters) Privacy Decisions by SA Validator (PDP): Validator Plug-in makes decisions based on Privacy Policies (1-1 correspondence with Policy Builder plug-in) Decisions must support Privacy-oriented Constraints (to be enforced): “Allow Access to Data + Constraints to be Enforced” (e.g. allow access to table “Patients Details”, but strip-out the columns “Name, Surname, Address”) The SA Validator is general purpose. It does not examine Confidential Data for performance/logistic reasons. SA Validator Plug-in Decisions: NO YES YES + Constraints November 29, 2018

44 Select Access: Privacy Extension [4/4]
Presentation Title Privacy Constraints enforced by a Data Enforcer … 4 The SA Web Enforcer focuses on Web Resources. It does not explicitly deal with Data Resources… Add a SA “Data Enforcer”: located nearby the Data Repository (performance …) knows how to access/handle Data and “Queries” know how to enforce Privacy Constraints can support “Query rewriting” (i.e. filtering, etc.) The new SA “Data Enforcer” is designed to have: A General Purpose Engine (to interact with SA Validator) Ad-hoc plug-ins for different Data Sources to interpret and enforce privacy decisions (e.g. RDBMS, LDAP servers, virtual directories, meta-directories, …) Data allowed to access Access Request + Intent Enforcer API SA Data Enforcer (Data Proxy) Logic Validator Plug-in Constraint Enforcement Engine Constraint Enforcement Engine Constraint Enforcement Engine LDAP Server Meta Directory RDBMS November 29, 2018

45 SQL Query Transformation
Data Enforcer SQL Query Transformation Presentation Title Original SQL Query: SELECT * FROM PatientRecords; SQL Query Transformed by Data Enforcer (Pre-Processing): SELECT PatientRecords.NAME,PatientRecords.DoB,PatientRecords.GENDER,'-‘ AS SSN,PatientRecords.ADDRESS,PatientRecords.LOCATION,PatientRecords. , PatientRecords.COMM,PatientRecords.LIFESTYLE,'-' AS GP,'-' AS HEALTH,'-' AS CONSULTATIONS,'-' AS HOSPITALISATIONS,'-' AS FAMILY,'-' AS Username FROM PatientRecords,PrivacyPreferences WHERE PatientRecords.Name=PrivacyPreferences.Name AND PrivacyPreferences.Marketing='Yes'; November 29, 2018

46 Performance Based on Type of Queries
Data Enforcer: Performance Based on Type of Queries Presentation Title November 29, 2018

47 Demo: HealthCare Scenario
Presentation Title Demo: HealthCare Scenario Web Services Accessing PII Data (SQL) SA Web Enforcer LDAP Directories JDBC Proxy Privacy Plug-ins User’s Web Browser Web Portal SA Validator + Privacy plug-ins SA Data Enforcer Privacy Plug-ins SA Policy Builder Personal Data Database November 29, 2018

48 Presentation Title Demo Snapshot November 29, 2018

49 Effect of applying the privacy policy
Presentation Title Demo Snapshot Effect of applying the privacy policy (data filtering) Effect of enforcing customers’ consent November 29, 2018

50 Benefits Integration of: Rationalization and Simplification of
Presentation Title Benefits Integration of: - Resource Management: data, IT resources, web resources, … - Management of Access Control and Privacy Policies - Policy Authoring and Administration GUI - Policy Deployment and Enforcement Framework Rationalization and Simplification of policy management and enforcement solutions November 29, 2018

51 Presentation Title Next Steps HP Software Business Considering the Productisation of Privacy Enforcement for HP Select Access in 2006 HP interested in “lighthouse” customers for collaborations and joint technological trials November 29, 2018

52 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity

53 Obligation Management System (OMS): Model
Presentation Title Obligation Management Framework Obligations Scheduling Enforcement Monitoring Privacy Obligations Data Subjects Administrators Personal Data (PII) ENTERPRISE November 29, 2018

54 [1] Privacy Obligations: Modelling and Representation
Presentation Title Targeted Personal Data References to stored PII data e.g. Database query, LDAP reference, etc. Privacy Obligation Obligation Identifier Triggering Events One or more Events that trigger different Actions potentially involving changes to PII data e.g. Event: Time-based events Actions: Delete PII, Notify Actions Additional Metadata (Future Extensions) November 29, 2018

55 [1] Privacy Obligations: Format Example
Presentation Title <obligation id=“gfrbg7645gt45"> <target> <database> <dbname>Customers</dbname> <tname>Customers</tname> <locator> <key name=“UserID">oid_a83b8a:fdfc44df3b:-7f9c</key> </locator> <data attr="part"> <item>creditcard</item> <item>firstname</item> </data> </database> </target> <obligationitem sid="1"> <metadata> <type>LONGTERM</type> <description>Delete [firstname,surname] at Sat Aug 15 17:26:21 BST 2004.]</description> </metadata> <events> <event> <type>TIMEOUT</type> <date now="no"> <year>2004</year> <month>08</month> <day>14</day> <hour>17</hour><minute>26</minute> </event> </events> <actions> <action> <type>DELETE</type> </action> </actions> </obligationitem> </obligation> November 29, 2018

56 Setting Privacy Obligations
[2] OMS: High Level System Architecture Presentation Title Enforcing Privacy Obligations Applications and Services Data Subjects Privacy-enabled Portal Admins Monitoring Privacy Obligations Setting Privacy Obligations On Personal Data Obligation Monitoring Service Events Handler Monitoring Task Handler Admins Obligation Server Workflows Obligation Scheduler Obligation Enforcer Information Tracker Action Adaptors ENTERPRISE Audit Server Data Ref. Obligation Obligation Store & Versioning Confidential Data November 29, 2018

57 Privacy Obligation Management System: Use Case
Presentation Title Explicit Management, Enforcement and Monitoring of Privacy Preferences and Constraints associated to Personal Data and Digital Identities: Turning privacy preferences into Privacy Obligations Personal Data + Privacy Preferences Self Registration And User Account Management HP Select Identity Obligation Management System Connectors Audit Logs Data Subject Privacy Obligation Enforcement & Monitoring Web Service API User Provisioning Enterprise Data Repositories November 29, 2018

58 Presentation Title Demo Screenshots … November 29, 2018

59 Demo: Environment HP Select Identity
Presentation Title HP Select Identity Obligation Management System - GUI November 29, 2018

60 OMS UI – Managed Obligations [1/2]
Presentation Title View: List of Managed Obligations (to be enforced and enforced obligations) Note: in this example all obligations are enforced (status OK or Violated) November 29, 2018

61 OMS UI – Managed Obligations [2/2]
Presentation Title Details of Selected Obligation November 29, 2018

62 OMS UI – Monitored Obligations
Presentation Title View: Monitored Obligations (enforced obligations) Note: In this example, the last two obligations in the list are in the “Violated” status (RED colour). This status and the details can be logged/audited and reported to the administrator for follow-up actions November 29, 2018

63 OMS UI – System Status View: Status of OMS Internal Components
Presentation Title View: Status of OMS Internal Components Note: More than an instance of each OMS component could be running, on different systems, for fault tolerance and workload balancing November 29, 2018

64 HP SI – Provisioning a New User [1/2]
Presentation Title Privacy Preferences (deletion times of selected attributes and of the entire account) November 29, 2018

65 HP SI – Provisioning a New User [2/2]
Presentation Title Privacy Preferences (notification of deletions via ) November 29, 2018

66 HP SI – Provisioning Request OK
Presentation Title The new user provisioning request has been successful – User information will also be provisioned via the OMS connector that will cause the creation of new privacy obligations based on previous user’ privacy preferences November 29, 2018

67 OMS – New Privacy Obligations Generated
Presentation Title OMS – New Privacy Obligations Generated New Privacy Obligations generated as Effect of provisioning a new User and Handling Privacy preferences (Deletion and Notification) November 29, 2018

68 Benefits - Explicit Control, Enforcement and Monitoring of
Presentation Title Benefits - Explicit Control, Enforcement and Monitoring of Privacy Obligations - Explicitly Address Data Subjects’ Preferences and Laws/Enterprise Obligations Integration of User Provisioning and Data Subject’s Preference Rationalization and Simplification of Obligation Management and Enforcement November 29, 2018

69 Presentation Title Next Steps Addressing open issues such as obligation life-cycle management, overall efficiency, stickiness of privacy obligations to PII data Further research to be done in the context of the EU PRIME project HPL interest in “lighthouse” customers for collaborations and joint technological trials November 29, 2018

70 Outline Privacy for Identity Management: Setting the Context
Important Privacy Aspects to be Addressed: Privacy Policy Enforcement Privacy Obligation Management HP Identity Management Portfolio: HP Select Access, HP Select Identity, HP Select Federation Current Support for Privacy HP Labs Privacy Management work: Privacy Policy Enforcement for HP Select Access Obligation Management System and Integration with HP Select Identity Conclusions Presentation Title Outline Conclusions

71 Conclusions Presentation Title Privacy Management is a Key Aspect of IT Governance and Regulatory Compliance Important Privacy Issues that Must be Addressed: - Privacy Policy Enforcement - Privacy Obligation Management Current HP IDM Solutions already Address part of these Issues: Privacy Management as a Key Differentiator for HP IDM solutions HP Labs’ Contributions: - Vision and R&D in the Privacy Management Space - Privacy Extensions of HP Select Access and HP Select Identity Privacy Enforcement for HP Select Access to be Productised in 2006 HP keen in Collaborations with Customers for Trials and Requirements November 29, 2018

72 Contacts Archie Reed (archie. reed@hp. com) Marco Casassa Mont (marco
Contacts Archie Reed Marco Casassa Mont Presentation Title Please Visit the HP Identity Management Booth for Additional Details on HP IDM Solutions November 29, 2018

73 Presentation Title Backup Slides

74 Building SA Policy Builder Plug-ins …
Presentation Title com.hp.ov.selectaccess.rulebuilder SA XML API RuleComponentPanel com.hp.ov.selectaccess.util.property com.hp.ov.selectaccess.util.propertyElement com.hp.ov.selectaccess.util.propertyListElement initialise() okClicked() helpClicked() cancelClicked() extends import Decision Point Plug-in Java-based Plug-in extends JPanel comm. to Policy Store code GUIs Filter Point Plug-in read component.xml default configuration values for plug-in link to the correspondent Validator plug-in November 29, 2018

75 Building SA Validator Plug-ins …
Presentation Title #include Validator.h #include Decider.h SA XML API PropertyElement.h PropertyLIstElement.h Decider init() factory() decide() extends import Decision Point Plug-in comm. to Enforcer comm. to Policy Store C/C++-based Plug-in code Filter Point Plug-in init() register plug-in factory() retrieve portion of privacy policy from LDAP. Create plug-in instance decide() decision point plug-in: decide path to follow based on Enforcer’s request filter point plug-in: add constraints to Validator’s reply November 29, 2018

76 Data Enforcer - Technical Details
Presentation Title Data Enforcer - Technical Details Application/Service Application/Service JDBC Requests JDBC Requests JDBC Proxy JDBC Proxy Client Enforcer API SSL RMI SA Validator JDBC Proxy Server Database SA Validator Database Enforcer API SSL com.hp.ov.selectaccess.enforcer Enforcer API Java C++ COM Work in Progress Exploring similar approaches for LDAP and Virtual Directories Enforcer() XMLQueryInit() XMLQuerySend() November 29, 2018

77 OMS and HP Select Identity Integration: Current Prototype
Presentation Title HP Select Identity Data Subject Personal Data + Privacy Preferences (deletion, notification) 1 Personal Data 2 Personal Data User Provisioning MS SQL Server Web Services OMS Connector Privacy Obligation Generation Obligation Enforcement (attributes & user account deletion) ( notifications) 4 Personal Data + Obligations 3 Data Storage Obligation Management System (OMS) Privacy Obligations Personal Data Obligation Monitoring 5 MySQL HP Labs Contribution MySQL November 29, 2018

78 Presentation Title

Download ppt "Privacy Management with HP OpenView Identity Management"

Similar presentations

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”

“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”
WSS 3.0 Architecture and Enhancements Ashvini Shahane Member – Synergetics Research Lab.

WSS 3.0 Architecture and Enhancements Ashvini Shahane Member – Synergetics Research Lab.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
Copyright ®xSpring Pte Ltd, All rights reserved Versions DateVersionDescriptionAuthor May 20121.0First version. Modified from Enterprise edition.NBL.

Copyright ®xSpring Pte Ltd, All rights reserved Versions DateVersionDescriptionAuthor May First version. Modified from Enterprise edition.NBL.
Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, 01-03 October 2002 Marco Casassa Mont Richard.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
Sudha Iyer Principal Product Manager Oracle Corporation.

Sudha Iyer Principal Product Manager Oracle Corporation.
1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.

1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
James Akrigg Microsoft Ltd Integrating InfoPath Forms Into Workflow Solutions And Business Processes.

James Akrigg Microsoft Ltd Integrating InfoPath Forms Into Workflow Solutions And Business Processes.

Similar presentations

Ads by Google