TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Bibliographic Details
Title: TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures
Authors: Elias Grünewald, Max-R. Ulbricht, Paul Wille, Frank Pallas, Maria C. Borges
Source: 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :312-319
Publication Status: Preprint
Publisher information: IEEE, 2021.
Publication year: 2021
Keywords: FOS: Computer and information sciences, transparency, DevOps, 000 Computer science, information science, general works::000 Computer science, knowledge, systems::000 Computer science, information science, general works, data protection, Agile, REST, 02 engineering and technology, privacy, Software Engineering (cs.SE), Computer Science - Software Engineering, Computer Science - Computers and Society, Computers and Society (cs.CY), 0202 electrical engineering, electronic engineering, information engineering, OpenAPI, GDPR, privacy engineering
Description: Transparency – the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred – is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.
Publication type: Article
Conference object
DOI: 10.1109/eurospw54576.2021.00039
DOI: 10.14279/depositonce-20467
DOI: 10.48550/arxiv.2106.06001
Access URL: http://arxiv.org/pdf/2106.06001
http://arxiv.org/abs/2106.06001
https://arxiv.org/pdf/2106.06001
https://dblp.uni-trier.de/db/journals/corr/corr2106.html#abs-2106-06001
https://arxiv.org/abs/2106.06001
Rights: IEEE Copyright
arXiv Non-Exclusive Distribution
Document code: edsair.doi.dedup.....3bd768150c1089f974cf5c4daa15d97a
Database: OpenAIRE