Privacy in Service Oriented Architectures: SOA Boundary Identity Masking for Enterprises
- 1 November 2010
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 204-211
- https://doi.org/10.1109/cec.2010.21
Abstract
Sensitive data is increasingly proliferating due to outsourcing, application service provisioning, cloud computing and so on. The control of such data is increasingly crucial for enterprises, because of regulatory scrutiny, data privacy concerns, and so on. One approach to confine storing and processing sensitive data is our Boundary Identity Masking approach [1], in which a key-value token substitution ensures that sensitive data in its clear-text representation is available only within a well-defined boundary. However, the governance of these boundaries and substitution rules is not defined in [1]. This paper introduces a model for defining boundaries for sensitive data in the context of an enterprise. Next, the paper describes how to govern data privacy of services given the boundary model and a Service Oriented Architecture (SOA). Furthermore, we describe how the data structures of our Boundary Identity Masking approach are governed at an enterprise level. This addresses the scaling of our approach with respect to a large number of services and many boundaries.Keywords
This publication has 6 references indexed in Scilit:
- Privacy-Preserving Sharing of Sensitive InformationIEEE Security & Privacy, 2010
- Privacy-preserving data publishingACM Computing Surveys, 2010
- Computing arbitrary functions of encrypted dataCommunications of the ACM, 2010
- Privacy Application Infrastructure: Confidential Data MaskingPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2009
- Efficient attributes for anonymous credentialsPublished by Association for Computing Machinery (ACM) ,2008
- Credit Suisse: a case study in service orientationPublished by Cambridge University Press (CUP) ,2006