TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures
arXiv - CS - Computers and Society. Pub Date: 2021-06-10, DOI: arxiv-2106.06001
Elias Grünewald, Paul Wille, Frank Pallas, Maria C. Borges, Max-R. Ulbricht

Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.

Updated: 2021-06-14