Dear Slim,

After a quick scan of the latest version you made available on the FI-WARE Private wiki I'm tempted to say you addressed from your side most of the comments issued by Juanjo on Data Handling GE. In the meantime there might be some comments or suggestions that Juanjo would have liked to be addressed (e.g. "I would also suggest to elaborate on the following concepts: PPL and PPI, PPL Privacy Tuner tool", "It would be nice to describe what PPL stands for, the first time this acronym is used" ...).

So for me the description is good enough to be published and after the review I did perform (apologies I couldn't have it done before since on vacation last week) I will write an email to Juanjo in that sense. In the meantime if you could just check/review from your side if there are no remaining comments/suggestions from Juanjo's to be addressed as the above, it can help to close the work from your side.

As for Optional Security enablers descriptions I do think his claim was that they were not compliant with the Table of content suggested and used by each of our GEs (also some diagrams were not FMC conformant). This is also something which could be improved with support of INRIA and Thales (TAI) who own those enablers.

Hope I have answered and clarified. Thanks in advance for your final check and polish.

Hearing from you and best regards,
Pascal

PS: For your convenience here are the comments got from Juanjo (you mostly addressed).

1.5. Data Handling GE

I would review writing of the example scenario. Some comments (part of them editorial, but I have decided to compile all of them together here):

• First bullet, I guess that explaining that the Clique social network has been developed within the PrimeLife project doesn't add any value.
• Also first bullet, we introduce the role of "Data Controller" ... I guess it would be nice to introduce the concept of "Data Controller" someway in the paragraph of the Description section (section previous to the example). Would it match the backend part of the "Data Handling GE"?
• Third bullet:
  o you refer to the "PrimeLife Privacy Tuner" ... is that a tool linked to the Data Handling GE? If so, I would use the term "Data Handling Privacy Tuner" instead. Would "PPL Privacy Tuner" work, given the fact that you use the term "PPL Privacy Engine" in the fourth bullet?
  o you say: "This tuner is a graphical tool used to edit Privacy preferences in PPL language defined in the deliverable" ... is the usage of the term "deliverable" appropriate here or is it the result of copying & pasting from some document in the PrimeLife project?
  o my understanding is that one of the things Alice would be able to configure using the Privacy Tuner would be what domain would be allowed to access data ... (or what rules will determine whether a domain would be allowed to access data). If this is correct, I would mention it to establish a better link with what is being said in the fourth bullet. This would make the example easier to follow.
• Fourth bullet:
  o where is the PPL Privacy Engine running? My understanding is that it runs on Alice's machine but if so, please say it explicitly.
  o simply editorial: should be "Alice's machine" instead of "Alice machine".
  o you say: "the engine will enforce the access control rules related to the requested data". If I understand it right, these access control rules would refer to rules set up by Alice using the Privacy Tuner ... If this is correct, I would mention it. Something like: "the engine will enforce the access control rules related to the requested data that were programmed by Alice using the PPL Privacy Tuner"
  o you say: "If the domain is allowed to access this data the engine match the privacy policy of the website with the preferences of Alice" ... where are the preferences of Alice configured? My understanding is that it is also through the Privacy Tuner. If this is correct, I would mention it. Something like: "If the domain is allowed to access this data the engine match the privacy policy of the website with the preferences of Alice, also configured through the PPL Privacy Tuner"
• Fifth bullet ... It is said: "Alice has the possibility to decide if she accepts or refuses to send her data". If my understanding is correct, it should not only be that. She should also be able to validate the privacy policy of the website (i.e., which data would be sent and what will it be exclusively used for). If so, I would mention it explicitly.
• Sixth bullet ... I believe it would be nice to explain where both the sticky policy and Alice's data will be stored. You refer to "the server" but ... what is that server? Will it be in the server where the backend of the Data Handling GE is running? If so, mention it explicitly. It would be worth mentioning, btw, maybe not in this bullet but somewhere, where such a Data Handling GE backend can be running. Does it necessarily have to be collocated in the backend of the Clique portal? Could it be somewhere else, providing its functionality "as a Service"? If it may go somewhere else, provided "as a Service", then I would explain this is a possibility.
• Eighth bullet ... (just editorial) You say: "The policy engine of clique.primelife.eu will match the privacy policy of travel.example.com with the sticky policy related to the e-mail of Alice (step 8), and will check if the sticky policy allows to forward for the purpose of statistics for example" ... I guess it would be better to say "... (step 8), checking if the sticky policy allows to forward Alice's e-mail address for the purpose of statistics, for example."
• About what we describe in the last bullet ... how is it prevented that the travel agency makes a wrong usage of Alice's data? Could it be someway? If so, it would be worth explaining ...

There is no section on "Basic Concepts". Probably it would make sense to translate some of the content in the Appendix here (if you decide to move everything, just the reference would be kept at the end). I would also suggest to elaborate on the following concepts:
• PPL and PPI
• PPL Privacy Tuner tool

Figure on Architecture should be adapted to follow FMC notation. On the other hand, it would be nice to illustrate there:
• What is the role of the Privacy Tuner? Please try to illustrate it
• Is the left big grey box a description of the architecture linked to the "PPL Privacy Engine"? If so, name it accordingly. Otherwise ... what components would be linked to the PPL Privacy Engine?

Main interactions after the Architecture figure:
• You describe interactions in terms of operations described in some sort of description of a RESTful binding. This doesn't follow the reference example provided as guidelines. As a result, it is too austere and doesn't elaborate on who invokes an operation, for example. Sequence diagrams would be useful.
• The suggested structure for the "Main Interactions" section is fine though:
  o Data subject side:
      Managing PII
      Managing Preference Groups
  o Data controller side:
      Uploading resource data and policy
      Uploading PII
      PII downstream usage request for a single PII

1.6 Optional Security Enablers:

I understand the Architecture Description of these enablers, and particularly adaptation to published guidelines, is under way. Therefore, I will wait until they are more elaborated.

2.2 Data Handling GE

• I may be wrong but it seems to me like there is something missing or wrong (from an editorial point of view) in the following sentence: "It supports integrated data handling, in particular through two-sided detailed data handling, that takes into account specific preferences/policies expressed using the PPL language, based on XACML".
• It would be nice to describe what PPL stands for, the first time this acronym is used. Same for PII.
-----Original Message-----
From: TRABELSI, Slim [mailto:slim.trabelsi at sap.com]
Sent: Monday 5 March 2012 15:21
To: BISSON Pascal; Seidl, Robert (NSN - DE/Munich); gabor.marton at nsn.com; norbert.goetze at nsn.com; DI CERBO, Francesco; GASPARD Lucie; Alexandre Boeglin; osb at zurich.ibm.com; anj at zurich.ibm.com; antonio.garcia at atosorigin.com; Antonio Garcia Vazquez; LELEU Philippe; Wolfgang.Steigerwald at telekom.de
Cc: GIDOIN Daniel; Pedro Soria Rodriguez; fiware-security at lists.fi-ware.eu
Subject: RE: FI-WARE Security - Outcomes of today's audio with CA regarding Security AT contrib to D2.3 (some work needed)

Hi Pascal,

On the Data Handling GE we made the modifications according to Juanjo's comments. What kind of modifications are expected? I really do not understand this decision! Please can you explain and give us more details about this?

thank you
best
Slim

________________________________
From: BISSON Pascal [pascal.bisson at thalesgroup.com]
Sent: Monday, March 05, 2012 3:11 PM
To: Seidl, Robert (NSN - DE/Munich); gabor.marton at nsn.com; norbert.goetze at nsn.com; TRABELSI, Slim; DI CERBO, Francesco; GASPARD Lucie; Alexandre Boeglin; osb at zurich.ibm.com; anj at zurich.ibm.com; antonio.garcia at atosorigin.com; Antonio Garcia Vazquez; LELEU Philippe; Wolfgang.Steigerwald at telekom.de
Cc: GIDOIN Daniel; BISSON Pascal; Pedro Soria Rodriguez; fiware-security at lists.fi-ware.eu
Subject: FI-WARE Security - Outcomes of today's audio with CA regarding Security AT contrib to D2.3 (some work needed)

Dear Task leads/GE owners,

This is just to let you know that this morning I had an audio conference with Juanjo where we discussed the readiness of our GEs description for publication in the context of D2.3 and according to the latest version available on the FI-WARE Private wiki (https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FiwareDeliverableD2.3) aka the place where we are supposed to upload our GE description from our FI-WARE Security Private Wiki. Here is what we discussed and agreed:

* We will proceed with publishing the contents linked to the Security Monitoring GE because, despite some additional comments that may come after a second review, it's worth publishing the current contents and we can deal with new comments by end of March (but without the pressure of delivery dates)
* We will proceed with publishing the contents linked to the Identity Management GE provided that the owner commits to translate the figures to FMC format by end of this week. As with the previous case, despite some additional comments that may come after a second review, it's worth publishing the current contents and we can deal with new comments by end of March (but without the pressure of delivery dates)
* We will publish the Privacy GE
* We won't publish the rest, pending on response regarding how the comments initially provided by Juanjo were addressed (please refer here to the email I forwarded you from Juanjo - 21 February 2012 05:07 - on the topic). Apparently, comments were not addressed for some of the GEs, if not all, and even the history of the Wiki pages reflects that.

In order not to delay any longer the publishing of our Security Chapter contrib. to D2.3 I will ask:
o Antonio to check and address Juanjo's comments on Context-based security and compliance, this no later than by tomorrow EOB,
o Same for Slim or Francesco regarding Data Handling GE although after a quick scan I noticed they had already implemented a number of Juanjo's comments.
o Slim/Francesco, Alexandre, Philippe/Lucie to do the same for what concerns Optional Security GEs

Please Antonio, Slim/Francesco, Alexandre, Philippe/Lucie acknowledge receipt of this email and confirm you will be addressing comments according to the set deadline (i.e. by tomorrow EOB at the latest – hope earlier – let me know once done) to close our work on D2.3, have our specifications be published and also redirect our effort on our Security contrib. to D2.4.

Hearing from you,
Best Regards,
Pascal

PS: Don't forget to stick to the suggested table of content if not done already and follow the instructions provided at https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/Instructions_on_how_to_develop_FI-WARE_Chapter_Architecture_Descriptions
PS2: As announced I will call for an audio conference tomorrow. Will provide you with details in a separate email.