
Page 1: ISTPA Privacy Framework

ISTPA Privacy Framework

John T. Sabo, Computer Associates

Copyright © 1999-2003 International Security, Trust & Privacy Alliance. All Rights Reserved

IAPP-TRUSTe Symposium, June 9, 2004

Page 2: ISTPA Privacy Framework

Context: Hard Problem

Multidimensional Privacy: legal, regulatory, social, economic, political, moral and ethical dimensions

Variable Nature: changes with context and audience (“privacy is contextual and personal”)

Privacy is plagued by the lack of a:
• Common vocabulary
• Shared reference model and framework
• Structured and uniform means of analysis

Sort out the issues, understand and communicate the underlying requirements

Page 3: ISTPA Privacy Framework

ISTPA’s Approach: Resolution-Solution Focus

• Transform Privacy Policy to a Privacy Science & Engineering Discipline
• Build and Forward Open Multidisciplinary Standards, Specifications and a Unified Approach (Methodology)
• Shared privacy vocabulary (terms, notation)
• Open policy-configurable framework
• Standardized Set of Industry-Specific Use Cases

Privacy Framework as Platform for Multidisciplinary Collaboration: regulators, lawyers, law makers, corporate policy makers, business and product managers, citizen-consumers, privacy advocates, IT and security professionals, technologists

Page 4: ISTPA Privacy Framework

Framework Defined

Privacy Framework: an open, policy-configurable set of collaborating services and capabilities used to guide the analysis, design, implementation and assessment of security, trust and privacy solutions and infrastructure

Page 5: ISTPA Privacy Framework

ISTPA Privacy Framework Services & Capabilities

• Audit – independent, verifiable accountability
• Certification – credentials, trusted processes
• Control – only permissible access to data
• Enforcement – redress upon violation
• Interaction – manages data/preferences
• Negotiation – of agreements, rules, privileges
• Validation – checks accuracy of personal information
• Access – subject can correct/update information
• Agent – software that acts on behalf of the data subject
• Usage – data use, aggregation, anonymization

Page 6: ISTPA Privacy Framework

ISTPA Privacy Framework

[Figure: framework diagram. Labels: Legal, Regulatory, & Policy Context (outer context); Security Foundation (base layer); Assurance Services: Audit, Enforcement, Certification, Validation; Data Subject side: Agent, Interaction, Negotiation, Control, PI, Preferences & PIC Repository; Data Requestor side: Agent, Interaction, Negotiation, Control, PIC Repository, Usage; PI Container (PIC) between the Data Subject and Data Requestor sides.]

Page 7: ISTPA Privacy Framework

Framework: PI Container

[Figure: PI Container diagram. Labels: PI; PI Contract (Conditions, Policies, Intended Use); Credentials (Identity Credentials, Permissions); Signature; PI Container.]

PI Container: binding of PI, Contract and Credentials

Page 8: ISTPA Privacy Framework

ISTPA Privacy Framework

[Figure: the framework diagram of page 6 (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Data Subject and Data Requestor sides with Agent, Interaction, Negotiation, Control; PI, Preferences & PIC Repository; PIC Repository; PI Container (PIC); Usage), annotated with its layers.]

• A set of collaborating services and capabilities (layer)
• Security Foundation (layer)
• Legal, Regulatory & Policy Context

Page 9: ISTPA Privacy Framework

Layers and Context

Page 10: ISTPA Privacy Framework

Translating Privacy Law and Practices into Infrastructure

Privacy Fair Information Practices and Translation to the Real World Infrastructure

[Figure: the framework diagram of page 6 (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Data Subject side: Agent, Access, Interaction, Negotiation, Control, PI, Preferences, PIC Repository; Data Requestor side: Agent, Interaction, Negotiation, Control, PIC Repository; PI Container (PIC); Usage), overlaid with the Fair Information Practices: Notice/Awareness, Choice/Consent, Access, Update, Correction, Quality/Integrity, Enforcement/Recourse. Legend: Service, Capability, Practices.]

Page 11: ISTPA Privacy Framework

Services, Capabilities vs. Mechanisms

Services & Capabilities – defined functionality (what) supporting privacy and security requirements

Mechanisms – specific service and capability implementations (how) supporting defined services and capabilities

Protocols, technologies, infrastructure – Smart cards, Trusted platforms, SAML, cryptographic tools, secure hash, symmetric keys, P3P, EPAL, XACML

Page 12: ISTPA Privacy Framework

Reference Model Approach

ISTPA Privacy Framework as Reference Model

Service/Capability | Function | Organizations/Protocols/Mechanisms

Certification | credentials, trusted processes | BBBOnline, BetterWeb, E-Safe, Global Trust Alliance, Guardian eCommerce Security, Net-Ethix, Privacy License, Privacy Secure, Inc., PrivacyBot.com, SecureBiz, TRUSTe, WebTrust

Negotiation | of agreements, rules, privileges | APPEL, P3P, License Script, FDRM, ODRL, XrML

Usage | data use, aggregation, anonymization | Trusted Computing Group, Trusted Platforms, Smartcards, Secure Tokens

Validation | checks accuracy of personal information | Audit Check Services, Certificate Authorities, Credit Check Services

Security Foundation | Mechanisms | AES, MD5, Authentication, Non-Repudiation, Access Control, Integrity, Confidentiality, Availability, PKI

Legal Context | Legal, Regulatory, Policy | EU Data Protection Directive, HIPAA, GLBA, COPPA, Privacy Act

Page 13: ISTPA Privacy Framework

ISTPA Project Areas

Framework Projects
• ISO Publicly Available Specification (PAS)
• Privacy Capability Maturity Model
• Privacy Tools & Technology

• Privacy Rule Language (IBM’s EPAL)
• Identity Management Systems

Page 14: ISTPA Privacy Framework

Questions?

John T. Sabo, [email protected]

www.istpa.org

Page 15: ISTPA Privacy Framework

Backup

Page 16: ISTPA Privacy Framework

Privacy Framework Services

Service / Capability – Description

Audit – Handles the recording and maintenance of events in any service to capture the data that is necessary to ensure compliance with the terms and policies of an agreement and any applicable regulations.

Certification – Manages and validates the credentials of any party or process involved in the processing of a PI transaction.

Control – Functions as “repository gatekeeper” to ensure that access to PI which is stored by a data collection entity complies with the terms and policies of an agreement and any applicable regulations.

Enforcement – Handles redress when a data collection entity is not in conformance with the terms and policies of an agreement and any applicable regulations.

Interaction – Presents proposed agreements from a data collection entity to the data subject; receives the subject’s personal information, preferences, and actions; confirms actions; manages movement of data into and out of the Framework. To the extent the data subject is represented by an agent, this service comprises the interface to the agent.

Negotiation – Handles arbitration of a proposal between a data collection entity and a data subject. Successful negotiation results in an agreement. Humans, agents, or any combination, can handle negotiation.

Validation – Checks for accuracy of PI at any point in its life cycle.

Page 17: ISTPA Privacy Framework

Privacy Framework Capabilities

Service / Capability – Description

Access – A capability that allows the data subject to both access the individual’s PI that is held by a data collection entity, and to correct or update it as necessary.

Agent – A software capability that acts on behalf of a data subject or a requestor. The Agent Capability engages with one or more of the other services defined in this Framework. Agent can also refer to the human data subject in the case of a manual process.

Usage – Functions as “processing monitor” to ensure that active use of PI complies with the terms and policies of an agreement and any applicable regulations. Such uses may include transfer, derivation, aggregation, anonymization, linking, and inference of data.
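As an added illustration (not ISTPA's own code or specification), the following models the PI Container of page 7 as PI, PI Contract and credentials bound under one signature, with a Control service acting as the “repository gatekeeper” of page 16 and an Audit record of every decision. The HMAC signing key, the field and purpose names, and the sample container are assumptions constructed for this example.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

SIGNING_KEY = b"illustration-only-key"  # assumption: key held by the PIC repository
def _sign(body: dict) -> str:
    # canonical JSON so identical PI/contract/credentials always sign identically
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, canon, hashlib.sha256).hexdigest()

@dataclass
class PIContainer:
    pi: dict           # the personal information
    contract: dict     # PI Contract: conditions, policies, intended use
    credentials: dict  # identity credentials and per-requestor permissions
    signature: str     # binds the three parts together

    @classmethod
    def create(cls, pi, contract, credentials):
        return cls(pi, contract, credentials, _sign(dict(pi=pi, contract=contract, credentials=credentials)))

    def binding_intact(self) -> bool:
        body = dict(pi=self.pi, contract=self.contract, credentials=self.credentials)
        return hmac.compare_digest(self.signature, _sign(body))

@dataclass
class ControlService:
    """Repository gatekeeper: releases PI only if the request matches the PIC."""
    audit: list = field(default_factory=list)  # Audit service: every decision is recorded
    def request(self, pic: PIContainer, requestor: str, purpose: str, fields: list):
        granted = pic.credentials.get("permissions", {}).get(requestor, [])
        if not pic.binding_intact():
            reason = "signature no longer binds PI, contract and credentials"
        elif not granted:
            reason = "requestor holds no permission in the PI Container"
        elif purpose not in pic.contract["intended_use"]:
            reason = "purpose outside the contract's intended use"
        elif not set(fields) <= set(granted):
            reason = "requested fields exceed granted permissions"
        else:
            reason = ""
        decision = "deny" if reason else "permit"
        self.audit.append(dict(requestor=requestor, purpose=purpose, fields=list(fields),
                               decision=decision, reason=reason))
        return ({k: pic.pi.get(k) for k in fields} if decision == "permit" else None), decision

SAMPLE_PIC = PIContainer.create(  # constructed sample: the only intended use is billing
    pi={"name": "A. Subject", "email": "subject@example.com", "ssn": "000-00-0000"},
    contract={"conditions": ["retain 90 days"], "policies": ["no onward transfer"], "intended_use": ["billing"]},
    credentials={"identity": "subject-42", "permissions": {"billing-svc": ["name", "email"]}})
```

A request is released only when the signature still binds all three parts, the requestor holds a permission, the purpose is within the contract's intended use, and the fields stay inside that permission; widening the contract after signing breaks the binding and is refused and logged.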

Page 18: ISTPA Privacy Framework

Framework-Related Technologies and Standards

[Figure: the framework diagram of page 6 (Legal, Regulatory, & Policy Context; Security Foundation; Assurance Services: Audit, Enforcement, Certification, Validation; Data Subject and Data Requestor sides with Agent, Interaction, Negotiation, Control; PI, Preferences & PIC Repository; PIC Repository; PI Container (PIC); Usage), annotated with the technologies and standards below.]

Trusted Computing Group

Integration & Interoperability: Microsoft Passport, Liberty Alliance Project, XNS, PSP

APPEL

Security Technologies: Cryptography (PK & Symmetric), Secure Hashing

Privacy Seals
• BBBOnline
• BetterWeb
• E-Safe
• Global Trust Alliance
• Guardian eCommerce Security
• Net-Ethix
• Privacy License
• Privacy Secure, Inc
• PrivacyBot.com
• SecureBiz
• TRUSTe
• WebTrust

• Access
• Authentication
• Integrity
• Non-repudiation
• Privacy (Encryption)

Trusted Platforms, Smartcards, Secure Tokens

Negotiation Technologies

Validation Services: Adult Check Services, Certificate Authorities, Credit Check Services, Address Validation Services

Relevant Standards Groups: OASIS (SAML, AVDL, PKI, WS-Security, XCBF, XRI), W3C (XML*, HTTP, SOAP, P3P, APPEL, CC/PP), Trusted Computing Group, Liberty Alliance Project, XNS, Many Hardware & Govt Stds

Rights Expression Languages: P3P, LicenseScript, FDRM, ODRL, XrML