ISTPA Privacy Framework

Slide 1: ISTPA Privacy Framework

John T. Sabo
Computer Associates

IAPP-TRUSTe Symposium
June 9, 2004

Copyright © 1999-2003 International Security, Trust & Privacy Alliance. All Rights Reserved.

Slide 2: Context - Hard Problem

- Multidimensional Privacy
  - Legal, regulatory, social, economic, political, moral and ethical dimensions
- Variable Nature
  - Changes with context and audience: “privacy is contextual and personal”
- Privacy is plagued by the lack of a:
  - Common vocabulary
  - Shared reference model and framework
  - Structured and uniform means of analysis
  - Way to sort out the issues, and to understand and communicate the underlying requirements

Slide 3: ISTPA’s Approach

- Resolution - Solution Focus
  - Transform Privacy Policy into a Privacy Science & Engineering Discipline
  - Build and Forward Open Multidisciplinary Standards, Specifications and a Unified Approach (Methodology)
    - Shared privacy vocabulary (terms, notation)
    - Open, policy-configurable framework
    - Standardized Set of Industry-Specific Use Cases
- Privacy Framework as Platform for Multidisciplinary Collaboration
  - Regulators, lawyers, law makers, corporate policy makers, business and product managers, citizen-consumers, privacy advocates, IT and security professionals, technologists

Slide 4: Framework Defined

- Privacy Framework
  - An open, policy-configurable set of collaborating services and capabilities used to guide the analysis, design, implementation and assessment of security, trust and privacy solutions and infrastructure

Slide 5: ISTPA Privacy Framework Services & Capabilities

- Audit - independent, verifiable accountability
- Certification - credentials, trusted processes
- Control - only permissible access to data
- Enforcement - redress when a violation occurs
- Interaction - manages data/preferences
- Negotiation - of agreements, rules, privileges
- Validation - checks accuracy of personal information
- Access - subject can correct/update information
- Agent - software that acts on behalf of the data subject
- Usage - data use, aggregation, anonymization

Slide 6: ISTPA Privacy Framework

[Figure: the Framework diagram. Outer context: Legal, Regulatory, & Policy Context. Within it: Security Foundation; Assurance Services (Audit, Enforcement, Certification, Validation); Usage; and the PI Container (PIC) passing between the Data Subject side (Agent, Interaction, Negotiation, Control, PI, Preferences & PIC Repository) and the Data Requestor side (Agent, Interaction, Negotiation, Control, PIC Repository).]

Slide 7: Framework: PI Container

[Figure: PI Container diagram. The container holds the PI, a PI Contract (Conditions, Policies, Intended Use) and Credentials (Identity, Credentials, Permissions), bound together by a Signature.]

- PI Container
  - Binding of
    - PI
    - Contract
    - Credentials
Slide 8: ISTPA Privacy Framework

[Figure: the Framework diagram of slide 6 (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Usage; PI Container (PIC); Data Subject and Data Requestor sides with Agent, Interaction, Negotiation, Control and their PIC Repositories), annotated with its layers.]

- A set of collaborating services and capabilities (layer)
- Security Foundation (layer)
- Legal, Regulatory & Policy Context
Slide 9: Layers and Context
Slide 10: Translating Privacy Law and Practices into Infrastructure

Privacy Fair Information Practices and Translation to the Real World Infrastructure

[Figure: the Framework diagram (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Usage; PI Container (PIC); Data Subject side: Agent, Interaction, Negotiation, Control, Access, PI, Preferences, PIC Repository; Data Requestor side: Agent, Interaction, Negotiation, Control, PIC Repository), with a legend distinguishing Service, Capability and Practices, and the Fair Information Practices placed alongside the framework elements: NOTICE/AWARENESS, CHOICE/CONSENT, ACCESS, UPDATE/CORRECTION, QUALITY/INTEGRITY, ENFORCEMENT/RECOURSE.]
Slide 11: Services, Capabilities vs. Mechanisms

- Services & Capabilities
  - Defined functionality (what) supporting privacy and security requirements
- Mechanisms
  - Specific service and capability implementations (how) supporting defined services and capabilities
  - Protocols, technologies, infrastructure
    - Smart cards, Trusted platforms, SAML, cryptographic tools, secure hash, symmetric keys, P3P, EPAL, XACML
Slide 12: Reference Model Approach

ISTPA Privacy Framework as Reference Model (columns: Service/Capability; Function; Organizations/Protocols/Mechanisms)

Certification
  Function: credentials, trusted processes
  Organizations/Protocols/Mechanisms: BBBOnline, BetterWeb, E-Safe, Global Trust Alliance, Guardian eCommerce Security, Net-Ethix, Privacy License, Privacy Secure, Inc., PrivacyBot.com, SecureBiz, TRUSTe, WebTrust

Validation
  Function: checks accuracy of personal information
  Organizations/Protocols/Mechanisms: Audit Check Services, Certificate Authorities, Credit Check Services

Negotiation
  Function: of agreements, rules, privileges
  Organizations/Protocols/Mechanisms: APPEL, P3P, License Script, FDRM, ODRL, XrML

Usage
  Function: data use, aggregation, anonymization
  Organizations/Protocols/Mechanisms: Trusted Computing Group, Trusted Platforms, Smartcards, Secure Tokens

Security Foundation
  Function: Mechanisms
  Organizations/Protocols/Mechanisms: AES, MD5, Authentication, Non-Repudiation, Access Control, Integrity, Confidentiality, Availability, PKI

Legal Context
  Function: Legal, Regulatory, Policy
  Organizations/Protocols/Mechanisms: EU Data Protection Directive, HIPAA, GLBA, COPPA, Privacy Act
Slide 13: ISTPA Project Areas

- Framework Projects
  - ISO Publicly Available Specification (PAS)
  - Privacy Capability Maturity Model
- Privacy Tools & Technology
  - Privacy Rule Language (IBM’s EPAL)
  - Identity Management Systems
Slide 14: Questions?

John T. Sabo
john.t.sabo@ca.com
www.istpa.org

Slide 15: Backup
Slide 16: Privacy Framework Services

(Service / Capability: Description)

Audit: Handles the recording and maintenance of events in any service to capture the data that is necessary to ensure compliance with the terms and policies of an agreement and any applicable regulations.

Certification: Manages and validates the credentials of any party or process involved in the processing of a PI transaction.

Control: Functions as “repository gatekeeper” to ensure that access to PI which is stored by a data collection entity complies with the terms and policies of an agreement and any applicable regulations.

Enforcement: Handles redress when a data collection entity is not in conformance with the terms and policies of an agreement and any applicable regulations.

Interaction: Presents proposed agreements from a data collection entity to the data subject; receives the subject’s personal information, preferences, and actions; confirms actions; manages movement of data into and out of the Framework. To the extent the data subject is represented by an agent, this service comprises the interface to the agent.

Negotiation: Handles arbitration of a proposal between a data collection entity and a data subject. Successful negotiation results in an agreement. Humans, agents, or any combination, can handle negotiation.

Validation: Checks for accuracy of PI at any point in its life cycle.

Slide 17: Privacy Framework Capabilities

(Service / Capability: Description)

Access: A capability that allows the data subject to both access the individual’s PI that is held by a data collection entity, and to correct or update it as necessary.

Agent: A software capability that acts on behalf of a data subject or a requestor. The Agent Capability engages with one or more of the other services defined in this Framework. Agent can also refer to the human data subject in the case of a manual process.

Usage: Functions as “processing monitor” to ensure that active use of PI complies with the terms and policies of an agreement and any applicable regulations. Such uses may include transfer, derivation, aggregation, anonymization, linking, and inference of data.
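An added example, not code from Sabo’s deck or from any ISTPA specification: the PI Container of slide 7 (PI, contract and credentials bound under one signature), with the Control service of slide 16 acting as repository gatekeeper and the Usage capability above acting as processing monitor over that container. It uses an HMAC-SHA256 over a canonical JSON encoding as the binding signature; the key, the field names (conditions, policies, intended_use, permissions) and every sample value are constructed assumptions for this example only.

```python
"""Added example: a minimal PI Container (PIC) binding, plus the Control
gatekeeper and Usage monitor checks that consult that binding."""
import hashlib
import hmac
import json

# Assumption: the data collection entity signs containers with a symmetric
# key shared with its Control and Usage services. Constructed demo key.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample data: one data subject, one agreement, two requestors.
SAMPLE_PI = {"subject": "alice", "email": "alice@example.invalid", "postcode": "12345"}
SAMPLE_CONTRACT = {
    "conditions": {"expires": "2005-01-01T00:00:00Z"},          # ISO-8601 UTC
    "policies": {"allowed_operations": ["transfer", "anonymization"]},
    "intended_use": ["billing", "shipping"],
}
SAMPLE_CREDENTIALS = {
    "identity": "merchant-42",                                    # data collection entity
    "permissions": {"merchant-42": ["billing", "shipping"],       # requestor -> purposes
                    "courier-7": ["shipping"]},
}


def canonical(obj):
    """Deterministic encoding so the signature covers exactly one byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_pic(pi, contract, credentials, key=SIGNING_KEY):
    """Bind PI, contract and credentials: one signature over all three parts."""
    body = {"pi": pi, "contract": contract, "credentials": credentials}
    signature = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": signature}


def verify_pic(pic, key=SIGNING_KEY):
    """True only if none of the three bound parts changed since signing."""
    body = {k: pic[k] for k in ("pi", "contract", "credentials")}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pic.get("signature", ""))


def control_check(pic, requestor, purpose, now, key=SIGNING_KEY):
    """Control as repository gatekeeper: may `requestor` read the PI for `purpose`?"""
    if not verify_pic(pic, key):
        return False, "binding broken: signature does not match PI/contract/credentials"
    # Both timestamps share one ISO-8601 UTC format, so string order is time order.
    if now > pic["contract"]["conditions"]["expires"]:
        return False, "agreement expired"
    granted = pic["credentials"]["permissions"].get(requestor)
    if granted is None:
        return False, "requestor holds no credential in this container"
    if purpose not in pic["contract"]["intended_use"]:
        return False, "purpose outside the contract's intended use"
    if purpose not in granted:
        return False, "requestor not permitted this purpose"
    return True, "access permitted"


def usage_check(pic, operation, key=SIGNING_KEY):
    """Usage as processing monitor: is this active use of the PI allowed?"""
    if not verify_pic(pic, key):
        return False
    return operation in pic["contract"]["policies"]["allowed_operations"]


def demo():
    """Run the gatekeeper and monitor over the constructed container."""
    pic = build_pic(SAMPLE_PI, SAMPLE_CONTRACT, SAMPLE_CREDENTIALS)
    today = "2004-06-09T00:00:00Z"
    # Widening the contract after signing breaks the binding; the old signature no longer matches.
    tampered = dict(pic)
    tampered["contract"] = {**pic["contract"], "intended_use": ["billing", "shipping", "marketing"]}
    return {
        "intact": verify_pic(pic),
        "tampered": verify_pic(tampered),
        "billing_ok": control_check(pic, "merchant-42", "billing", today)[0],
        "courier_billing": control_check(pic, "courier-7", "billing", today)[0],
        "marketing": control_check(pic, "merchant-42", "marketing", today)[0],
        "expired": control_check(pic, "merchant-42", "billing", "2006-01-01T00:00:00Z")[0],
        "anonymize": usage_check(pic, "anonymization"),
        "infer": usage_check(pic, "inference"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the binding is that Control and Usage never evaluate the contract or the credentials in isolation: a request is refused as soon as the signature fails to cover the PI, contract and credentials presented together, which is what makes a later edit of the intended use or of a requestor’s permissions detectable.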

Slide 18: Framework-Related Technologies and Standards

[Figure: the Framework diagram of slide 6 (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Usage; PI Container (PIC); Data Subject and Data Requestor sides with Agent, Interaction, Negotiation, Control and their PIC Repositories), annotated with the technology and standards groups listed below.]

Trusted Computing Group

Integration & Interoperability
- Microsoft Passport
- Liberty Alliance Project
- XNS
- PSP
- APPEL

Security Technologies
- Cryptography (PK & Symmetric)
- Secure Hashing
- Access
- Authentication
- Integrity
- Non-repudiation
- Privacy (Encryption)
- Trusted Platforms
- Smartcards
- Secure Tokens

Privacy Seals
- BBBOnline
- BetterWeb
- E-Safe
- Global Trust Alliance
- Guardian eCommerce Security
- Net-Ethix
- Privacy License
- Privacy Secure, Inc
- PrivacyBot.com
- SecureBiz
- TRUSTe
- WebTrust

Negotiation Technologies

Validation Services
- Adult Check Services
- Certificate Authorities
- Credit Check Services
- Address Validation Services

Relevant Standards Groups
- OASIS (SAML, AVDL, PKI, WS-Security, XCBF, XRI)
- W3C (XML*, HTTP, SOAP, P3P, APPEL, CC/PP)
- Trusted Computing Group
- Liberty Alliance Project
- XNS
- Many Hardware & Govt Stds

Rights Expression Languages
- P3P
- LicenseScript
- FDRM
- ODRL
- XrML