Privacy monitoring technology addresses the need to ensure that software
in an information technology system adheres to privacy policies. Privacy policies
control the use of personally identifiable information, and can be written to
enforce compliance with external regulations, internal business practices, and
individual choices. Products like Tivoli Privacy Manager provide support for
creating, deploying, and administering privacy policies as well as checking
conformance to policies and logging auditable data on data access. Technology
like the Enterprise Privacy Authorization Language supports expressing complex
privacy policies in machine-readable form. However, applications using such
privacy services products must intercept each access of personally identifiable
information and interact with the privacy services for auditing and enforcement.
This is the function of a privacy monitor.

The Declarative Privacy Monitoring technology removes the need for applications
to be "privacy aware". With this technology, Java 2 Enterprise Edition
components can be written without any privacy-specific code. Components can
be servlets, JavaServer Pages, or Enterprise JavaBeans. During application
assembly or deployment, information known to the application and used for privacy
policy management can be specified declaratively in an XML privacy descriptor
file. This includes information on how end user identity is determined, what
business tasks are being performed, and what personally identifiable information
is accessed. This information is used at runtime to intercept method calls on
the web and EJB components that are associated with the privacy descriptors, and
then to interact with privacy services before or after the method executes.

Declarative Privacy Monitoring can be used with either the Tivoli Privacy
Manager for e-Business product, or a provided Enterprise Privacy Authorization
Language enforcement library.
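
The interception pattern described above can be sketched with a plain Java dynamic proxy. This is an added example, not code from Declarative Privacy Monitoring or Tivoli Privacy Manager: the `Entry` record, the `PrivacyService` interface, the `monitor` helper and the in-memory map standing in for the XML privacy descriptor are all hypothetical, and the sample data is constructed.

```java
import java.lang.reflect.*;
import java.util.*;

public class DeclarativePrivacyDemo {
    // Hypothetical descriptor entry: the business task and PII type declared for one method.
    record Entry(String task, String piiType) {}

    // Hypothetical stand-in for the privacy service (policy decision plus audit log).
    interface PrivacyService {
        boolean permits(String user, String task, String piiType);
        void audit(String user, String task, String piiType, boolean allowed);
    }

    // Business component interface; its implementation holds no privacy-specific code.
    public interface CustomerDao { String getEmail(String customerId); }

    // Wraps a component so every declared method is checked and audited before it runs.
    @SuppressWarnings("unchecked")
    static <T> T monitor(T target, Class<T> iface, Map<String, Entry> descriptor,
                         PrivacyService svc, String user) {
        InvocationHandler h = (proxy, method, args) -> {
            Entry e = descriptor.get(method.getName());
            if (e != null) { // method is declared as touching PII
                boolean ok = svc.permits(user, e.task(), e.piiType());
                svc.audit(user, e.task(), e.piiType(), ok); // denied attempts are logged too
                if (!ok) throw new SecurityException("policy denies " + e.task() + " on " + e.piiType());
            }
            try { return method.invoke(target, args); }
            catch (InvocationTargetException ex) { throw ex.getCause(); } // unwrap component errors
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, h);
    }

    public static void main(String[] unused) {
        // Constructed descriptor and policy: getEmail is a "marketing" use of "email", which is denied.
        Map<String, Entry> descriptor = Map.of("getEmail", new Entry("marketing", "email"));
        List<String> auditLog = new ArrayList<>();
        PrivacyService svc = new PrivacyService() {
            public boolean permits(String u, String t, String p) { return !t.equals("marketing"); }
            public void audit(String u, String t, String p, boolean ok) { auditLog.add(u + " " + t + " " + p + " allowed=" + ok); }
        };
        CustomerDao real = id -> "alice@example.test";
        CustomerDao dao = monitor(real, CustomerDao.class, descriptor, svc, "clerk1");
        try { dao.getEmail("42"); }
        catch (SecurityException ex) { System.out.println("denied: " + ex.getMessage()); }
        System.out.println(auditLog);
    }
}
```

Methods absent from the descriptor pass through unmonitored, so the completeness of the declared mapping is what determines audit and enforcement coverage.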