Privacy in Service Oriented Architectures SOA Boundary Identity Masking for Enterprises
Sensitive data is increasingly proliferating due to outsourcing, application service provisioning, cloud computing and so on. The control of such data is increasingly crucial for enterprises, because of regulatory scrutiny, data privacy concerns, and so on. One approach to confine storing and processing sensitive data is our Boundary Identity Masking approach 1, in which a key-value token substitution ensures that sensitive data in its clear-text representation is available only within a well-defined boundary. However, the governance of these boundaries and substitution rules is not defined in 1. This paper introduces a model for defining boundaries for sensitive data in the context of an enterprise. Next, the paper describes how to govern data privacy of services given the boundary model and a Service Oriented Architecture (SOA). Furthermore, we describe how the data structures of our Boundary Identity Masking approach are governed at an enterprise level. This addresses the scaling of our approach with respect to a large number of services and many boundaries.
component service oriented architecture data privacy trust data aliasing enterprise architecture
B. Liver R. Di Paolo K. Tice
Credit Suisse Information Technology Zurich, Switzerland
国际会议
上海
英文
204-211
2010-11-10(万方平台首次上网日期,不代表论文的发表时间)