2. Overview
• Background on Policy and Policy Management
Policies
Policy Management
• Some HPL/TSL R&D in the Policy/Policy Management Space
Enterprise Privacy Management with IdM Solutions
Privacy-Aware Access Control
Privacy-Aware Information Lifecycle Management
Identity Capable Platforms (ICP) and Provisioning Services
• Some Future R&D Opportunities in the Policy/Policy Management Space
• W3C Policy Languages Interest Group (PLING)
4. 4 April 15, 2018
Policy & Policy Management: A Complex Area …
• Policy and Policy Management are “overloaded” terms
• Many definitions, many areas of impact and perspectives: legislative,
social, business, personal, IT …
(Figure: “Policies & Policy Mgmt” at the centre, surrounded by the perspectives Legislative, Social, Business, IT, Personal, …)
6. What is a Policy?
“A Policy is a concise, formal statement of principles which indicate how an Entity
will act in a particular area of its interest/operation …”
“A Policy defines a definite goal, course or method of action
to guide and determine present and future decisions”
“A Policy is a set of rules and constraints (and exceptions):
(1) dictating the desired state of one or more managed objects
(2) used to manage and control the changing and/or maintaining
of the state of managed objects”
(Figure: ABSTRACTION LAYERS, from abstract to technical: Legal & Business Principles; Operational Goals; Technical Rules and Constraints)
7. Impact of Policies in Enterprises/Orgs
(Figure: an Enterprise/Organisation drawn as a stack of layers: Legal Layer, Business Layer, Process Layer, Application/Service Layer, Information/Data Layer, System/Device Layer, Network Layer. A Policy at the top is refined, through Policy Refinement, into Policies/Sub-policies at each lower layer)
8. Examples of (High-Level) Policies [1/3]
The UK Data Protection Act (1998) requires that Personal Data shall:
1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met;
2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
3. Be adequate, relevant and not excessive for those purposes;
4. Be accurate and, where necessary, kept up to date;
5. Not be kept for longer than is necessary for that purpose;
6. Be processed in accordance with the data subject’s rights;
7. Be kept secure from unauthorised or unlawful processing and protected
against accidental loss, destruction or damage by using the appropriate
technical and organisational measures;
8. And not be transferred to a country or territory outside the European
Economic Area, unless that country or territory ensures an adequate level
of protection for the rights and freedoms of data subjects in relation to the
processing of personal data.
Other Legislation: SOX, GLB, HIPAA, COPPA, EU Data Protection Law, etc.
9. Examples of Policies (Refinement) [2/3]
“Every financial institution has an affirmative and continuing obligation to
respect customer privacy and protect the security and confidentiality of customer information”
Gramm-Leach-Bliley (GLB) Act
(Figure: the GLB statement refined into progressively more concrete policies, e.g.)
• All Financial, Personal and Confidential Information must be secured
• The CEO has the duty to demonstrate Organisational Compliance to GLB
• Information has to be retained only if there are well defined reasons & purposes
• All Processes, Applications and Services need to be auditable
• All Critical Systems storing Data need to be periodically scanned against Viruses
• All Critical MS Applications and Services must have the Audit Log feature turned on
• Only People with Role X can access Data Y in Data Storage Z
• Financial Data must not be deleted unless explicitly authorised by the CFO
• …
10. Examples of Policies (Categories) [3/3]
(Figure: Enterprise Information Lifecycle Management Policies at the centre, surrounded by related categories)
• Availability and Recovery Time Policies
• Change Control Policies
• Service Level Agreements
• IT Governance Policies
• Security Policies
11. Technical (IT) Policies …
“A Policy is a Set of Rules and Constraints (and exceptions):
(1) Dictating the desired state of one or more managed objects
(2) Used to manage and control the changing and/or maintaining of the state of managed objects”
Targets:
- Business Processes
- Applications, Services
- Information
- Infrastructural Resources
- …
Goals:
Rules & Constraints:
- Permissions
- Obligations
- Contextual Actions
- …
Exceptions
12. Common Types of IT Policies
(Figure: IT Policies at the centre, with the following types around it)
• Security Policies
• Entitlement Management Policies
• Privacy Policies
• Digital Rights Policies
• ILM & Info Flow Policies
• Collaboration Policies
• Physical & Logistic Policies
• …
13. IT Policy Representation
Policy Languages
• Formal representation of Policy Rules, Constraints
and Exceptions
• Reasoning
• Automation of Policy Decisions, Enforcement and Monitoring
Many Standards and/or Proposals
• Security/Access Control: OASIS XACML, Ponder (IC), …
• Privacy: W3C P3P, EPAL, Extended XACML, EU PRIME, …
• Assertions/Rights: OASIS SAML, …
• …
15. Enterprise Policy Management
(Figure: a cycle linking Regulations, Standards, Best Practices to the Enterprise IT Infrastructure through IT Alignment, Policy Development, Policy Enforcement, Transparency & Compliance, Monitoring and Reporting)
17. Policy Management Framework
(Figure: the PEP/PDP/PIP/PAP framework and the interactions between its components)
• Policy Enforcement Point (PEP): receives Events, Requests or Actions affecting Resources (Data, files, Apps/Services, etc.), sends a Request to Make Decisions to the PDP and is responsible for Enforcing Decisions on the Resources
• Policy Decision Point (PDP): Making Decisions, after Policy Retrieval from the Policy Repository and Retrieving Policy/information through the PIP
• Policy Information Point (PIP): Policy Retrieval from Other Policy Repositories on behalf of the PDP
• Policy Administration Point (PAP): Authoring & Administering Policies; Policy Definition/Updates are written to the Policy Repository
18. Policy Management Frameworks in Enterprises
(Figure: the Enterprise/Organisation layers of slide 7 (Legal, Business, Process, Application/Service, Information/Data, System/Device, Network), each with its own PEP/PDP/PAP/PIP framework)
19. Policy Management for “Information Management”
What is Information?
• Documents
• Identity & Personal Data
• (Web) Content
• Multimedia Data
• …
Categories of Information
• Structured (e.g. RDBMS relational data, LDAP objects, etc.)
• Semi-structured (e.g. compliant to XML schema but with variable parts)
• Un-structured (e.g. free text)
20. Policies for “Information Management”
Some Relevant Policies
• Security Policies
e.g. Only Person/Role X can Read and Modify Information I
• Privacy Policies
e.g. Data X can only be Accessed for Purpose P under the Explicit Consent
of Data Subject (Owner) U
• Retention/Disposal Policies
e.g. Medical Information X can be disposed after 7 years
• Availability and Retrieval (QoS) Policies
e.g. Information of Type X must always be retrievable and accessible
in not more than T seconds
• Information Flow Policies
e.g. Personal Data generated in EU can only be transferred to EU countries
• …
21. “Information Lifecycle Management” Scenario [1/2]
Information Lifecycle Management (ILM) provides degrees of support for the following Information/Data Management Phases:
• Assessment
• Data Analysis
• Classification
• Automation
• Review
22. “Information Lifecycle Management” Scenario [2/2]
Policy-driven Information Lifecycle Management (ILM) Automation Technologies:
• ILM Policy Engine
• Search and Classify
• ILM Policy Audit
• Information/Document Mover
• Secure Access
Source: “Data Protection and Information Lifecycle Management”, Petrocelli, Prentice Hall
23. Role of Policies in other Important Scenarios
• Enterprise Identity and Privacy Management
Management of Identity and Confidential Information
driven by Security and Privacy Policies
• Federated Service Scenarios
Policy-driven Information Flows across boundaries in Federated
Contexts
• Collaborative Scenarios
Policy-driven Content Management
• Management of Confidential Content in Devices
Policy-driven management of Sensitive Information
stored in Devices
• …
26. Enterprise: Privacy Management Automation with Identity Management Solutions
(Figure, left: PEOPLE hand Personal Data to the ENTERPRISE’s Applications & Services; the enterprise is driven by Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …), Customers’ Expectations and Internal Guidelines)
Impact on Enterprises and Opportunities:
• Regulatory Compliance
• Customers’ Satisfaction
• Positive Impact on Reputation, Brand, Customer Retention
(Figure, right: the Enterprise Policy Management cycle of slide 15: Regulations, Standards, Best Practices; IT Alignment; Policy Development; Policy Enforcement; Transparency; Monitoring; Reporting, over the Enterprise IT Infrastructure)
Effective Enterprise Privacy depends on Good IT Governance Practices
27. Privacy and Identity Management: Implications
(Figure: Data + Policies exchanged between the Enterprise and its Outsourcing and Partnership contexts)
28. Privacy For Personal Data: Core Principles
(Figure: Privacy at the centre, surrounded by the OECD Principles: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation)
Privacy Policies: Privacy Rights, Privacy Permissions, Privacy Obligations
29. Addressed Problems
• How to Automate Privacy Management within
Enterprises:
− How to Automate Privacy-Aware Access Control
− How to Automate Privacy-Aware Information Lifecycle
• How to Do this in a Systematic Way
• How to Leverage Current Identity Management
Solutions
30. Enterprise Identity Management: Impacted Areas
(Figure: components of an enterprise Identity Management solution, and where Privacy Mgmt touches them)
• Data Repository Components: Directories, Meta-Directories, Virtual Directories
• Security Components: Authentication, Authorization, Auditing
• Lifecycle Components: Provisioning, Longevity
• Consumable Value Components: Single Sign-On, Personalization
• Management Components: Self Service
• Also shown: Fed. Mgmt, User Mgmt, Access Control, Databases
Privacy Mgmt impacts these areas through Privacy-aware Access Control and Privacy-aware Information Lifecycle Management
31. Privacy Management: Systematic Approach
(Figure: enterprise architecture for privacy management)
• Users Self-Register at a Web Portal, providing Personal Data & Privacy Preferences (Consent & Other Prefs.); their Access Requests to Apps reach Applications/Services through a Privacy-aware Access Control System
• Employees issue Privacy-aware Queries against the Data Repositories, mediated by the Privacy-aware Access Control System
• Privacy Admins author Privacy Policies and Privacy Obligation Policies
• Identity Management Middleware provides User Provisioning & Account Management for the Enterprise Systems and Federated IdM with Third Parties
• A Privacy-aware Information Lifecycle Manager enforces the Privacy Obligation Policies on the Data Repositories, driven by Data Settings and Events
• A Policy Compliance Checking System checks the whole against the policies
33. Privacy-aware Access Control in Enterprises
(Figure: the Enterprise Policy Management cycle of slide 15 (Regulations, Standards, Best Practices; IT Alignment; Policy Development; Policy Enforcement over the Enterprise IT Infrastructure), with Privacy Policy Enforcement highlighted within Policy Enforcement)
• How to Enforce Privacy Policies within Enterprises when
Accessing and Manipulating Personal Data?
• How to Enforce User Preferences, e.g. Consent?
• How to Integrate with Identity Management Solutions?
HP Labs R&D Work:
• Privacy-Aware Access Control System for Personal Data
• Prototype Integrated with HP OpenView Select Access
• Plans to Productise it in 2008
34. Moving Towards a “Privacy-Aware” Access Control …
It is not just a matter of traditional access control:
need to include data purpose, intent and user’s consent
(Figure, Traditional Access Control: Access Control decides whether a Requestor’s Actions on Personal Data are allowed, based on Rights)
(Figure, Privacy-Aware Access Control: a Privacy Extension to Access Control additionally considers the Purpose of the Personal Data, the Requestor’s Intent, the Owner’s Consent, Constraints and Other… factors)
Privacy Policy Enforcement on Data: Access Control + “Intent, Purpose, Consent, …”
35. Example: Privacy-aware Access Control (Consent, Purpose and Intent Mgmt)
Table T1 with PII Data:
uid | Name  | Condition          | Diagnosis
1   | Alice | Alcoholic          | Cirrhosis
2   | Rob   | Drug Addicted      | HIV
3   | Julie | Contagious Illness | Hepatitis
Table T2 with Customers’ Consent: one row per customer (Consent = uid) with an x for each purpose (Marketing, Research) the customer consented to; from the filtered result below, customers 1 and 3 consented to Marketing and customer 2 did not.
Enterprise Privacy Policies & Customers’ Consent:
If role == “empl.” and intent == “Marketing” Then
  Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
Else If intent == “Research” Then
  Allow Access (T1.Diagnosis) & Enforce (Consent)
Else Deny Access
(1) Access Table T1 (SELECT * FROM T1) with Intent = “Marketing”
(2) Privacy Policy Enforcement rewrites the query:
SELECT “-”, Condition, Diagnosis FROM T1, T2 WHERE T1.uid = T2.Consent AND T2.Marketing = “YES”
(3) Enforcement: Filter data. Filtered data returned to the requestor:
uid | Name | Condition          | Diagnosis
1   | -    | Alcoholism         | Cirrhosis
2   | -    | -                  | -
3   | -    | Contagious Illness | Hepatitis
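The decision-and-filtering flow of this slide, and the PEP/PDP/PIP/PAP roles of slide 17, as an added worked example. This is not code from the HP Labs prototype or from Select Access: T1 reproduces the slide’s table, while T2’s Research consent flags, the role name “empl.”, the policy-dictionary format and the masking of non-consented values with “-” are assumptions made for the illustration.

```python
"""Privacy-aware access control as a PAP / PDP / PIP / PEP pipeline over SQLite.

Added example, not code from the HP Labs prototype or from Select Access.
T1 reproduces the slide's table; T2's Research consent flags, the role name
"empl.", the policy-dictionary format and the masking with '-' are assumptions.
"""
import sqlite3
from dataclasses import dataclass


# PAP: policies authored as data, keyed by (role, intent); "*" matches any role.
# Mirrors the slide's rule: employees with intent Marketing may see Condition and
# Diagnosis subject to Marketing consent; intent Research may see Diagnosis only,
# subject to Research consent; anything else is denied.  First match wins.
POLICIES = {
    ("empl.", "Marketing"): {"columns": ("Condition", "Diagnosis"), "consent": "Marketing"},
    ("*", "Research"): {"columns": ("Diagnosis",), "consent": "Research"},
}


@dataclass(frozen=True)
class Request:
    role: str
    intent: str


@dataclass(frozen=True)
class Decision:
    permit: bool
    columns: tuple = ()
    consent_column: str = ""


def pdp(req: Request) -> Decision:
    """Policy Decision Point: match the requestor's role and declared intent
    against the PAP's policies and return the privacy-aware decision."""
    for (role, intent), rule in POLICIES.items():
        if intent == req.intent and role in ("*", req.role):
            return Decision(True, rule["columns"], rule["consent"])
    return Decision(False)


def pep(conn: sqlite3.Connection, req: Request) -> list:
    """Policy Enforcement Point (the 'data enforcer'): rewrite the application's
    SELECT * FROM T1 so only permitted columns come back, Name is suppressed, and
    values are masked with '-' for data subjects who did not consent to the
    declared intent.  Rows are masked rather than dropped, which is the shape of
    the slide's filtered table.  Column and consent names come from the PAP
    (trusted), never from the request, so interpolating them is safe; the
    request's role/intent are only ever used as dictionary keys."""
    dec = pdp(req)
    if not dec.permit:
        raise PermissionError(f"denied: role={req.role!r} intent={req.intent!r}")
    # PIP: the consent table T2 is the information source joined in here.
    masked = ", ".join(
        f"CASE WHEN T2.{dec.consent_column} = 'YES' THEN T1.{c} ELSE '-' END AS {c}"
        for c in dec.columns
    )
    sql = (
        f"SELECT T1.uid, '-' AS Name, {masked} FROM T1 "
        "LEFT JOIN T2 ON T1.uid = T2.Consent ORDER BY T1.uid"
    )
    return conn.execute(sql).fetchall()


def build_db() -> sqlite3.Connection:
    """Constructed sample data: T1 as on the slide; T2 Marketing consent as implied
    by the slide's filtered result (1 and 3 yes, 2 no); Research flags assumed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, Condition TEXT, Diagnosis TEXT);
        CREATE TABLE T2 (Consent INTEGER PRIMARY KEY, Marketing TEXT, Research TEXT);
        INSERT INTO T1 VALUES (1, 'Alice', 'Alcoholic', 'Cirrhosis'),
                              (2, 'Rob', 'Drug Addicted', 'HIV'),
                              (3, 'Julie', 'Contagious Illness', 'Hepatitis');
        INSERT INTO T2 VALUES (1, 'YES', 'NO'), (2, 'NO', 'NO'), (3, 'YES', 'YES');
        """
    )
    return conn


def marketing_view() -> list:
    """The slide's scenario: an employee accesses T1 with Intent = 'Marketing'."""
    return pep(build_db(), Request(role="empl.", intent="Marketing"))


if __name__ == "__main__":
    for row in marketing_view():
        print(row)
```

Running it prints the three rows of the slide’s filtered table, with Rob’s row fully masked; changing the intent to “Research” narrows the view to Diagnosis and applies the Research consent column instead, and an unmatched (role, intent) pair is refused before any SQL is built.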
36. HP Approach: Adaptive, Integrated and Flexible Enforcement of Privacy Policies
(Figure: Privacy Policy Definition and Enforcement on a scale from Implicit to Explicit; the HP approach sits at the Explicit end)
HP Approach:
• Single solution for explicit management of Privacy Policies
on Heterogeneous Data Repositories
• Privacy Enforcement by Leveraging and Extending the Security/
Access Control Framework, with an easy to use management UI
• Does not require major changes to Applications/Services or
Data Repositories
37. Key Requirements
• Modeling of Personal data
• Explicit Definition, Authoring and Management of Privacy Policies
• Extensible Privacy Policies
• Explicit Deployment and Enforcement of Privacy Policies
• Integration with traditional Access Control Systems
• Simplicity of Usage
• Support for Audit
38. Our Model of Privacy-Aware Access Control
(Figure: Requestors, Applications, Services, … send (1) the Requestor’s Intent + Request to Access Data to the Data Enforcer, the Privacy Policy Enforcement Point (PEP). The PEP forwards (2) the Access Request to the Privacy Policy Decision Point (PDP), which evaluates Access Control + Privacy Policies (intent, purpose, consent, constraints…) authored with the Privacy Policy & Data Authoring Tools (PAP) and returns (3) a Privacy-aware Decision. The PEP then performs (4) a Privacy-aware Access to Data on the Data Repositories (RDBMS, LDAP, etc.) holding Personal Data + Data Subjects’ Consent, and returns (5) the Accessed Data, which could be a subset of the Requested Data)
39. HP OpenView Select Access
Access Control System: Definition, Enforcement and Auditing of Access Control Policies
http://www.openview.hp.com/products/select/
(Figure: a Web Browser reaches Web Servers over the Internet/Intranet. Each Web Server runs an Enforcer Plug-in (PEP) with a Policy Cache and Cookie Management; the Enforcer Plug-ins call a Validator (PDP), which consults the Policy LDAP Server, the User LDAP Server and the Resource repository and can issue assertions through a SAML Server. The Policy Builder (PAP) authors policies, and an Audit Server writes to an Audit Record Repository)
40. Privacy Enforcement in HP OpenView Select Access
(Figure: the Select Access components of slide 39, extended with HPL Plug-ins)
• Policy Builder + HPL Plug-ins: Data Modelling & Privacy Policy Authoring; Access Control Policies + Privacy Policies (intent, purpose, consent, constraints…) are kept in the Policy Repository
• Validator (Policy Decision) + HPL Plug-ins: Privacy Policy Deployment & Decisions; a Privacy-aware Access Request yields a Privacy-aware Decision (Grant/Deny)
• Enforcer Plug-ins + HPL Data Enforcer: Privacy Policy Enforcement on Personal Data; Applications, Services, … and Web Services send the Requestor’s Intent + Request to Access Data and receive Privacy-aware Access to Data (Personal Data + Owners’ Consent)
• Audit of the resulting Data Access
41. Modelling Data Resources
(Screenshot: Data Resources Added to Policy Builder)
43. Privacy Policy Authoring [2/2]
(Screenshots of the authoring UI)
• Checking Intent against Purpose
• Define Data Filtering Criteria
• Define How to Handle Consent
45. Privacy-Aware Information Lifecycle Management
Privacy Obligations dictate Duties and Expectations to Enterprises on How
to Handle Personal Data. It is about Privacy-aware Information Lifecycle Mgmt:
• Which Privacy Obligations to Manage? How to Represent them?
• How to Schedule, Enforce and Monitor Privacy Obligations?
• How to Integrate with Identity Management Solutions?
(Figure: the Enterprise Policy Management cycle of slide 15 (Regulations, Standards, Best Practices; IT Alignment; Policy Development; Policy Enforcement; Transparency; Monitoring; Reporting), with Privacy Obligation Enforcement and Obligation Monitoring highlighted within Policy Enforcement and Monitoring)
HP Labs R&D Work:
• Privacy Obligation Management System
• Prototype Integrated with HP Select Identity
• Explore its Productisation
• Research in EU PRIME Project
46. Privacy Obligation Refinement: Abstract vs. Refined
Obligations can be very abstract:
“Every financial institution has an affirmative and continuing
obligation to respect customer privacy and protect
the security and confidentiality of customer information”
Gramm-Leach-Bliley Act
More refined Privacy Obligations dictate Duties,
Expectations and Responsibilities on How to Handle
Personal Data:
• Notice Requirements
• Enforcement of opt-in/opt-out options
• Limits on reuse of Information and Information Sharing
• Data Retention limitations …
47. Privacy Obligations: Common Aspects
• Timeframe (period of validity) of obligations
• Target of an obligation (PII data)
• Events/Contexts that trigger the need to fulfil obligations
• Actions/Tasks/Workflows to be Enforced
• Responsible for enforcing obligations
• Exceptions and special cases
Example of Privacy Obligation:
TARGET: Personal Data in table T1 (uid, Name, Condition, Diagnosis: 1 Alice Alcoholic Cirrhosis; 2 Rob Drug Addicted HIV; 3 Julie Contagious Illness Hepatitis)
WHEN CurrentTime > Retention-Time
ACTIONS: Notify_User, Delete_data
ON VIOLATION: …
48. Key Requirements
• Explicit Modeling and Representation of privacy obligations
• (Strong) Association of obligations to data
• Mapping obligations into enforceable actions
• Compliance of refined obligations to high-level policies
• Tracking the evolution of obligation policies
• Dealing with Long-term Obligation aspects
• Accountability management and auditing
• Monitoring obligations
• User involvement
• Handling Complexity and Cost of instrumenting Apps and Services
49. Obligation Management System (OMS): Model
(Figure: within the ENTERPRISE, an Obligation Management Framework performs Obligations Scheduling, Obligations Enforcement and Obligations Monitoring over Personal Data (PII). Administrators set the Privacy Obligation Policies; Data Subjects contribute their Privacy Preferences)
50. Privacy Obligations: Modelling and Representation
A Privacy Obligation consists of:
• Obligation Identifier
• Targeted Personal Data: references to stored PII data, e.g. database query, LDAP reference, files, etc.
• Triggering Events: one or more events that trigger different actions, e.g. time-based events, access-based, context-based, on-going events
• Actions: Delete, Notify, …
• Additional Metadata (Future Extensions)
51. OMS: High Level System Architecture
(Figure: the OMS within the ENTERPRISE)
• Data Subjects set Privacy Obligations on Personal Data through a Privacy-enabled Portal; Admins administer them too
• Obligation Server: Obligation Store & Versioning; each Obligation carries a Data Ref. to the Confidential Data it targets
• Obligation Scheduler and Obligation Enforcer: enforcing Privacy Obligations through Action Adaptors and Workflows on the Applications and Services
• Obligation Monitoring Service: Monitoring Task Handler, Events Handler and Information Tracker, monitoring Privacy Obligations
• Audit Server
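The obligation of slide 47, the representation of slide 50 and the scheduler/enforcer/monitor split of this slide, as an added worked example. This is not HP Labs’ OMS code: the in-memory data store, the injected clock, the obligation fields beyond those on slide 50 and the way a violation is detected and recorded are assumptions made for the illustration.

```python
"""Obligation Management System (OMS) in miniature: scheduling, enforcement and
monitoring of a retention obligation of the form on slide 47
(WHEN CurrentTime > Retention-Time; ACTIONS: Notify_User, Delete_data).

Added example, not HP Labs' OMS code.  The in-memory data store, the injected
clock, the obligation fields beyond those on slide 50 and the way violations
are detected and recorded are assumptions made for this illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable


@dataclass
class Obligation:
    """Slide 50's structure: identifier, targeted personal data (a reference to
    stored PII, not a copy), a triggering event and the actions to run."""
    oid: str
    target: str            # reference to stored PII, e.g. "T1.uid=2"
    trigger_at: datetime   # time-based trigger: the retention deadline
    actions: tuple         # ordered action names, resolved through action adaptors
    version: int = 1
    enforced: bool = False


class OMS:
    def __init__(self, store: dict, clock: Callable[[], datetime]):
        self.store = store          # the "confidential data", keyed by target reference
        self.clock = clock          # injected so the scenario is deterministic
        self.obligations: dict = {} # obligation store
        self.audit: list = []       # what the audit server would record
        self.notifications: list = []
        self.violations: list = []
        # action adaptors: abstract action names -> concrete operations
        self.adaptors = {"Notify_User": self._notify, "Delete_data": self._delete}

    def set_obligation(self, ob: Obligation) -> None:
        """Obligation store & versioning: re-setting an obligation bumps its version."""
        prev = self.obligations.get(ob.oid)
        if prev is not None:
            ob.version = prev.version + 1
        self.obligations[ob.oid] = ob
        self.audit.append(("set", ob.oid, ob.version))

    def due(self) -> list:
        """Scheduler: obligations whose time-based trigger has fired and that have
        not yet been enforced."""
        now = self.clock()
        return [o for o in self.obligations.values() if not o.enforced and now > o.trigger_at]

    def enforce_due(self) -> list:
        """Enforcer: run each due obligation's actions, in order, via the adaptors."""
        done = []
        for ob in self.due():
            for action in ob.actions:
                self.adaptors[action](ob)
            ob.enforced = True
            self.audit.append(("enforced", ob.oid, ob.version))
            done.append(ob.oid)
        return done

    def monitor(self) -> list:
        """Monitoring service: independently re-check that the state an enforced
        obligation requires still holds (here: deleted data stays deleted)."""
        for ob in self.obligations.values():
            if ob.enforced and "Delete_data" in ob.actions and ob.target in self.store:
                if ob.oid not in self.violations:
                    self.violations.append(ob.oid)
                    self.audit.append(("violation", ob.oid, ob.version))
        return list(self.violations)

    def _notify(self, ob: Obligation) -> None:
        self.notifications.append(f"{ob.target}: retention expired, deleting per {ob.oid}")

    def _delete(self, ob: Obligation) -> None:
        self.store.pop(ob.target, None)


def run_scenario():
    """Constructed scenario: Rob's record has passed its retention deadline,
    Alice's has not.  After enforcement an application re-creates Rob's record
    behind the OMS's back, which the monitor must flag as a violation."""
    t0 = datetime(2008, 1, 1, tzinfo=timezone.utc)
    store = {
        "T1.uid=2": {"Name": "Rob", "Diagnosis": "HIV"},
        "T1.uid=1": {"Name": "Alice", "Diagnosis": "Cirrhosis"},
    }
    oms = OMS(store, clock=lambda: t0)
    oms.set_obligation(Obligation("ob-rob", "T1.uid=2", t0 - timedelta(days=1),
                                  ("Notify_User", "Delete_data")))
    oms.set_obligation(Obligation("ob-alice", "T1.uid=1", t0 + timedelta(days=365),
                                  ("Notify_User", "Delete_data")))
    enforced = oms.enforce_due()
    store["T1.uid=2"] = {"Name": "Rob", "Diagnosis": "HIV"}   # rogue re-creation
    return oms, enforced, oms.monitor()


if __name__ == "__main__":
    oms, enforced, violations = run_scenario()
    print("enforced:", enforced, "violations:", violations, "audit:", oms.audit)
```

The point of keeping the monitor separate from the enforcer is the slide’s “Dealing with long-term obligation aspects” requirement: enforcement is a one-off event, but the obligation (data deleted, and staying deleted) is a standing condition that has to be re-verified, and the audit trail records set, enforced and violation events with the obligation version they apply to.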
52. HP OpenView Select Identity: User Provisioning and Account Management
• Centralised Management of Identities in an Organisation
• Support for Self Registration and User Provisioning
• Account Management and Provisioning across Platforms,
Applications and Corporate Boundaries
(Figure: HP Select Identity, driven by Users and Administrators through an Admin GUI and a Web Service, holds Personal Data, Services, Roles, Entitlements Descriptions and Provisioning Workflows; through JCA Connectors and Agents it provisions Accounts on Systems, Data Repositories and Legacy Applications and Services, receiving Feedback/Updates from them)
http://www.openview.hp.com/products/slctid/index.html
53. OMS Integration with HP Select Identity
Explicit Management, Enforcement and Monitoring of Privacy Preferences and
Constraints associated to Personal Data and Digital Identities:
(Figure: the Data Subject submits Personal Data + Privacy Preferences through HP Select Identity’s Self Registration and User Account Management; during User Provisioning the privacy preferences are turned into Privacy Obligations and passed to the Obligation Management System over a Web Service API; the OMS performs Privacy Obligation Enforcement & Monitoring on the Enterprise Data Repositories through Connectors and writes Audit Logs)
55. Identity Capable Platforms (ICP) [1/2]
56. Identity Capable Platforms (ICP) [2/2]
• Liberty Alliance Initiative (http://www.projectliberty.org)
• Focus on Federated Identity Management, involving
Identity Providers (IdP) and Service Providers (SPs)
• Aiming at specifying:
− Identity Capable Platforms (ICP) to allow users
to engage in a safe and transparent way
into federated IdM. Store “Identity Tokens” in a
secure and trustworthy environment along with
Policies and Manage them
− Provisioning Services: extend Liberty Alliance
Federated IdM Standards to safely delegate
and provision “Identity Tokens” to ICP
• Technology Pilot: HP/HP Labs, BT, Intel
• Current Status: Full working prototype and
demonstrator (PoCv1) shown at RSA 2007.
Moving towards a PoCv2 and technology trial.
57. Evolution of Liberty Alliance Clients
• Passive Client (Web Browser)
1. User authenticates to IdP over network
2. IdP delivers authentication assertions to
relying parties
• Active Client (Client Application)
1. Client authenticates to IdP over network on
behalf of user
2. IdP delivers authentication assertions to
client
3. Client delivers assertions to relying parties
• Advanced Client (Trusted Module)
1. User authenticates to trusted module
2. Trusted module authenticates user to
relying parties on behalf of IdP
3. Must be provisioned by IdP!
(Figure: three diagrams: Passive Client between IdP and SP (steps 1-2); Active Client between IdP and SP (steps 1-3); Advanced Client talking to the SP, with the IdP needed only for provisioning (steps 1-3))
58. The Identity Capable Platform (ICP): basis for Advanced Client
• A trusted environment
− An Identity Manager (IDMgr)
− One or more Manageable Identities (iMID), e.g. SAML token, 802.1X
wireless authentication tokens, VPN tokens, InfoCard/CardSpace tokens,
OpenId tokens, etc.
• Full lifecycle support for Manageable Identities
− Provision, update, delete
− Activate, deactivate
− Serialize/deserialize
− Portability
− Over the wire/air as well as physical provisioning
• Policy controlled access and operations
− Which user can access which iMID
− What can be done with each iMID
− Lifecycle management of iMID
(Figure: the Identity Capable Platform)
59. ICP Provisioning: HP Software/HPL Contributions
HPL Registration & Provisioning Service used to provision a new ICP device
(based on HP OpenView Select Federation, within the HP Federated IdM Services)
1. User making request from client device is authenticated by IdP
2. Registration Service called to create Provisioning Data for user’s device
and store it with Provisioning Service
3. Provisioning Handle returned to client device (references Provisioning Data
stored in Provisioning Service)
4. Provisioning Handle is de-referenced to obtain Provisioning Data and
initialize Advanced Client
Note:
− Advanced Client software could be preinstalled on device or downloaded on demand
− Registration Application could run on client device
(Figure: the Client Device (Browser plus Identity Capable Platform holding the iMID) authenticates to the IdP (1); the Registration Service creates Provisioning Data and stores it with the Provisioning Service (2); the Prov Hdl is returned to the device (3); the Identity Capable Platform de-references it at the Provisioning Service (4). IdP, Registration Service and Provisioning Service are grouped as HP Federated IdM Services)
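The four-step flow above as a message exchange between the slide’s parties, added here as an illustration. It is not the HP/Intel pilot code and not a Liberty Alliance protocol binding; it keeps the steps and adds the properties a practitioner would expect of a Provisioning Handle (unguessable, bound to the authenticated user, time-limited, single-use). The message shapes, the iMID contents, the 300-second handle lifetime and the assumption that the de-reference call rides on the already authenticated session are all assumptions of the example.

```python
"""The slide's ICP provisioning steps 1-4 as a message exchange.

Added example, not the HP/Intel pilot code nor a Liberty Alliance binding.
Message shapes, iMID contents, the 300 s handle lifetime and the assumption
that the de-reference call rides on the authenticated session are assumptions.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ProvisioningData:
    user: str
    imid_type: str   # e.g. "SAML token" or "802.1X credential"
    secret: str      # the credential material itself (constructed here)


class ProvisioningService:
    """Stores Provisioning Data under a handle and releases it at most once."""
    HANDLE_TTL = 300.0   # seconds (assumed)

    def __init__(self, clock=time.time):
        self._pending = {}   # handle -> (data, expires_at)
        self.clock = clock

    def store(self, data: ProvisioningData) -> str:
        handle = secrets.token_urlsafe(32)        # 256 random bits: not guessable
        self._pending[handle] = (data, self.clock() + self.HANDLE_TTL)
        return handle

    def dereference(self, handle: str, presented_by: str) -> ProvisioningData:
        entry = self._pending.pop(handle, None)   # single use: a replay finds nothing
        if entry is None:
            raise PermissionError("unknown or already-used handle")
        data, expires_at = entry
        if self.clock() > expires_at:
            raise PermissionError("handle expired")
        if data.user != presented_by:             # bound to the user it was issued for
            raise PermissionError("handle bound to a different user")
        return data


class RegistrationService:
    def __init__(self, prov: ProvisioningService):
        self.prov = prov

    def register(self, authenticated_user: str) -> str:
        """Step 2: create Provisioning Data for the user's device and store it with
        the Provisioning Service; the returned handle is step 3."""
        data = ProvisioningData(authenticated_user, "SAML token", secrets.token_hex(16))
        return self.prov.store(data)


class IdP:
    def __init__(self, users: dict):
        self.users = users   # user -> password (constructed; a real IdP would hash)

    def authenticate(self, user: str, password: str) -> bool:   # step 1
        return self.users.get(user) == password


class AdvancedClient:
    """ICP side: iMIDs are held under a policy of which user may use which iMID."""
    def __init__(self):
        self.imids = {}

    def initialise(self, data: ProvisioningData) -> None:   # step 4
        self.imids[(data.user, data.imid_type)] = data.secret

    def use(self, user: str, imid_type: str) -> str:
        if (user, imid_type) not in self.imids:
            raise PermissionError("policy: no such iMID for this user")
        return self.imids[(user, imid_type)]


def provision(user, password, idp, reg, prov, client) -> str:
    """Run steps 1-4 for one device; returns the handle so a caller can show it is spent."""
    if not idp.authenticate(user, password):
        raise PermissionError("IdP authentication failed")
    handle = reg.register(user)
    client.initialise(prov.dereference(handle, user))
    return handle


def run_pilot():
    """Constructed run: one customer provisions an iMID, then the handle is
    replayed and must be rejected."""
    prov, client = ProvisioningService(), AdvancedClient()
    idp, reg = IdP({"customer1": "correct horse"}), RegistrationService(prov)
    handle = provision("customer1", "correct horse", idp, reg, prov, client)
    try:
        prov.dereference(handle, "customer1")
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return client, replay_rejected


if __name__ == "__main__":
    client, replay_rejected = run_pilot()
    print("iMID provisioned:", ("customer1", "SAML token") in client.imids,
          "replay rejected:", replay_rejected)
```

The handle is the sensitive artefact in this flow: whoever de-references it obtains the credential, so it is generated from the OS CSPRNG, consumed on first use, expires, and is checked against the user the IdP authenticated in step 1. The iMID policy check in `AdvancedClient.use` stands in for the slide’s “which user can access which iMID”.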
60. Pilot PoCv1: BT / HP / Intel Demo
An existing BT customer subscribes to BT’s WiFi service from a wired notebook PC
in their home and then uses the instantly provisioned credentials to access BT’s
wireless service
(Figure: an Intel-based Client w/ Identity Capable Platform (Intel Identity Manager, Trusted Environment, Trusted Modules) running a Browser; on the BT 21C Network, an Authentication Server, a Registration Server & Credential Generator and a Provisioning Server. Steps: 1. User Registers; 2. Credentials created & distributed; 3. Identity Provisioned)
62. Policy Management: Hard Problems and Future Research Areas [1/5]
A) Policy Refinement Process
Human vs. Technological approach to Policies and Policy Management
Policies cannot always be refined to IT Policies/Automated Policies
(Figure: the enterprise layers of slide 7 (Legal, Business, Process, Application/Service, Information/Data, System/Device, Network), with a Policy refined into Policies/Sub-policies)
• How to achieve Policy Refinement by Balancing Human Processes and
Technologies?
• How to Address this with the right “blend” of Automation, Decision
Support Systems, Collaboration Support Tools, Processes, Feedback
Management?
63. Policy Management: Hard Problems and Future Research Areas [2/5]
B) “Federated Policy Management” in Organisations
Too many different types of Policies and Policy Management Frameworks
Too many controls, inconsistencies, misalignment → negative impact on IT Governance
(Figure: the enterprise layers of slide 18, each with its own PEP/PDP/PAP/PIP framework)
• How to “Federate” the various Policy Management frameworks?
• How to ensure better IT Governance and compliance to high-level goals?
• How, for example, to achieve this in a context of Information Management
(so many different types of Data/Information, managed with different tools
and solutions)?
64. Policy Management: Hard Problems and Future Research Areas [3/5]
C) Management of “Sticky Policies” for Information Flow
Information and Data move around, within and across organisations.
Associated Policies might be lost during this flow or misinterpreted
• How to Ensure that Policies Stick to data and can be Enforced?
• How to provide Assurance?
• Need for Standards in terms of Policies and Policy Frameworks?
• Need for Rich Semantics and Upfront Negotiation?
(Figure: two ENTERPRISES, each with PEOPLE, Data and Applications & Services, exchanging Data/Information + “Sticky” Policies)
65. Policy Management: Hard Problems and Future Research Areas [4/5]
D) Content-aware Access Control in Collaborative Environments driven by Policies (e.g. Enterprise Web 2.0)
Collaborative content creation and management needs adequate, fine grained access control.
Associated Policies might be lost during this flow or misinterpreted
• How to deal with fine-grained access control for semi-structured and unstructured data?
• How to factor in Enterprise constraints in terms of confidentiality?
• How to provide dynamic, fine-grained views on content?
(Figure: users inject data into a Collaborative Tool backed by Storage (docs & policies); some request access for an entire document, others request access for parts of a document)
66. Policy Management: Hard Problems and Future Research Areas [5/5]
E) Other Research Areas
• Interoperability between Policy Languages
• Policy Conflict Detection and Resolution
• Policy Violation Detection and Remediation
• Rich Semantic for Policies and “Deep” Reasoning
• …
68. W3C Policy Languages Interest Group (PLING)
It is a W3C Interest Group on Policies:
http://www.w3.org/Policy/pling/
Scope:
• It is NOT about defining new Policy Languages
Too many languages are already there. How to make sense of them?
• Explore what the main requirements, obstacles and issues are
to have a “joint” deployment of them, to achieve security,
privacy, identity management, obligation management,
compliance, etc.
69. W3C Policy Languages Interest Group (PLING)
Approach:
• Start from real use-cases and requirements (and issues)
• Discuss policy approaches, architectures and frameworks
• Explore the use of relevant technologies toward
delivering interoperability frameworks for policy languages
Deliverables:
Discussions, new Requirements and Proposals, Reports and
Workshops. No Language Specifications.
Next Steps:
Start Discussions in the mailing list, WWW2008 Panel (proposal)
70. W3C Policy Languages Interest Group (PLING)
co-Chairs:
• Marco Casassa Mont (HPL)
• Renato Iannella (NICTA, Australia)
Opportunity:
Steer discussions and outcome in the context of policies and
policy management in a way that is relevant to your needs!!!
PLEASE SUBSCRIBE AND GET INVOLVED
How to Get Involved:
Subscribe to PLING mailing list (http://lists.w3.org/Archives/Public/public-pling/)
71. Additional Material
• HPL Projects and Documents on Research on Privacy, Identity Management
and Policy Management (see Projects section):
http://www.hpl.hp.com/personal/mcm/
• My Blogs on “Research on Identity Management”:
http://h20325.www2.hp.com/blogs/mcm
http://research-on-identitymanagement.blogspot.com/
There are several deployment models for provisioning advanced clients. This is the one we’ll be showing in the demo, where a browser client is used to provision an advanced client.
Here’s the demo setup:
Intel-based client with Identity Capable Platform
HP provisioning service integrated with BT 21st century network
- Shows how we can combine existing Liberty Protocols and the ID Web Services Framework with HP’s provisioning services and Intel’s Identity capable platforms to remotely provision a customer with new credentials.
- Could use this same process with a wide variety of devices to remotely enable uniform access to many different services on a converged network.