Privacy protection dynamics
The concept of privacy means different things to different entities. More often than not it depends on the context, the preferences of individuals, their relations and their current objectives. Therefore, to protect privacy you need technology that can adapt to such criteria, whatever they happen to be. Context-awareness is key.
Privacy means controlled disclosure of sensitive information
Privacy is also a paradox. If it simply meant "keeping private", information could be locked away for good in a safe place. Problem solved. However, in reality we have a desire or a need to share sensitive information with others. Not everything with everyone, but some things with a select group at given times. Privacy means enabling secure disclosure of information as much as it means protecting it against unwanted disclosure.
For instance, you want your medical records to be shared with your doctor, your CV with your recruitment officer, financial data with your financial advisor, and so on. The latter must also be shared with your income tax officer, whether you like it or not. But no one should be snooping beyond the scope of their professional relation to you. Thus, privacy depends on relations, preferences and legal constraints that vary over time and jurisdictions.
Privacy cannot be upheld without dynamic access controls
In modern, connected infrastructures any attempt to protect privacy by means of static assignments of access rights is doomed to fail. Who should be granted access to what, when, why and how is subject to constant change. Contextual, preferential and relational factors must be considered within the scope of the applicable judicial constraints. Conventional Identity & Access Management concepts are too static, and therefore inadequate, to handle this.
Multi-dimensional and fine-grained filtering of sensitive information
Privacy typically concerns composite information objects. The data subject, identified by a unique identifier such as a social security number, is linked to multiple records. Each record contains different types of sensitive data items, such as financial or medical details. Some items must be filtered out depending on the relation between the current user and the data subject of the records accessed: "Since Alice is your client you may see and update her items X and Y, but you have no access to item Z, whereas Bob belongs to a case you are reviewing, which means you can read item Y but nothing else."
This may be a difficult task even for a dynamic, XACML-based solution. When there are large record sets and many items per record, vast numbers of authorization decisions must be made in real time.
Axiomatics offers unique filtering capabilities for privacy use cases
The XACML standard principally enables dynamic Attribute Based Access Control (ABAC) capable of handling modern privacy concerns. However, it is designed to expect explicit questions that render a PERMIT or DENY response. For the above scenario, authorization enquiries for each item generate many questions: "may I see X about Alice, Y about Alice, Z about Alice, X about Bob, Y about Bob?" and so on. The XACML standard comes with a multi-decision profile that to a certain extent caters for such use cases. Yet it too has some limitations.
This is why Axiomatics offers a patented Reverse Querying technology on top of its XACML authorization engine. The Axiomatics Reverse Query (ARQ) engine enables multi-dimensional filtering of huge data sets based on XACML policies. Rather than asking vast numbers of questions, ARQ processes logical expressions, which are used in combination with data set producers for different types of environments.
The result: fine-grained filtering of large data sets to enable secure information sharing aligned with context-aware and dynamic privacy policies.
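To make the contrast between per-item questions and a reverse query concrete, here is an added toy in Python built around the Alice/Bob/X/Y/Z scenario above. It is not Axiomatics' ARQ engine and not XACML; the policy, the user's relations and the records are invented sample values, and the "data set producer" is a hypothetical SQL-style renderer.

```python
# Constructed toy (not ARQ or XACML); all sample values below are invented.
RECORDS = [
    {"subject": "Alice", "X": "x-a", "Y": "y-a", "Z": "z-a"},
    {"subject": "Bob", "X": "x-b", "Y": "y-b", "Z": "z-b"},
    {"subject": "Carol", "X": "x-c", "Y": "y-c", "Z": "z-c"},
]
ITEMS = ("X", "Y", "Z")
# Policy: the relation between user and data subject decides which items may be seen.
POLICY = {"client": {"X", "Y"}, "case": {"Y"}}
# Attributes of the current user (in XACML these would be fetched from a PIP).
USER_RELATIONS = {"Alice": "client", "Bob": "case"}

def decide(user_relations, subject, item):
    """Forward ABAC: answer one explicit question, 'may I see <item> of <subject>?'."""
    return item in POLICY.get(user_relations.get(subject), set())

def filter_forward(user_relations, records):
    """Per-item questions: the decision count grows with records x items."""
    out, questions = [], 0
    for rec in records:
        visible = {i: rec[i] for i in ITEMS if decide(user_relations, rec["subject"], i)}
        questions += len(ITEMS)
        if visible:  # subjects with nothing permitted are dropped entirely
            out.append({"subject": rec["subject"], **visible})
    return out, questions

def reverse_query(user_relations):
    """Reverse query: evaluate the policy once against the known user attributes only."""
    return {s: POLICY.get(rel, set()) for s, rel in user_relations.items()}

def filter_reverse(user_relations, records):
    """Apply the reverse-query filter (subject -> permitted items) in one pass."""
    allowed = reverse_query(user_relations)
    out = []
    for rec in records:
        items = allowed.get(rec["subject"], set())
        if items:
            out.append({"subject": rec["subject"], **{i: rec[i] for i in sorted(items)}})
    return out

def to_sql_where(allowed):
    """Render the filter for a SQL-style data set producer (illustration; a real producer would bind parameters)."""
    clauses = []
    for subj in sorted(allowed):
        if allowed[subj]:
            items = ", ".join(f"'{i}'" for i in sorted(allowed[subj]))
            clauses.append(f"(subject = '{subj}' AND item IN ({items}))")
    return " OR ".join(clauses) or "FALSE"
```

Both paths return the same filtered view, but the forward path asks one question per subject and item (nine here, and proportionally more on a large record set), whereas the reverse query evaluates the policy once and hands the resulting expression to the data store.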