|
It is necessary to use privacy monitoring technology in information technology
systems adhering to privacy policies. Privacy policies control the use of personally
identifiable information (PII) according to individual choices. Tivoli Privacy
Manager (TPM) provides server support for creating, deploying, and administering
privacy policies as well as checking compliance with policies and logging auditable
data on data access. However, applications using TPM must intercept each access
of PII and interact with the TPM server for auditing and enforcement. This is
the function of privacy monitoring.
JSPM is Java/SQL Privacy Monitoring for TPM. JSPM is a privacy monitor for
the applications running on a WebSphere Application Server and connecting to
IBM DB2 by JDBC. The idea is to wrap JDBC connection class by adding the privacy
monitoring/enforcement functions so that when an application calls JDBC to retrieve
PII data,
| (i) |
first, the request SQL is analyzed, |
| (ii) |
then, a privacy compliance check request is sent to the TPM
server to evaluate privacy policies, |
| (iii) |
finally, SQL ResultSet table is modified based on the compliance check
results, and return to the application. |
JSPM will also support a results cache mechanism to optimize compliance
checking. It is effective for SQL statements accessing multiple people’s
data simultaneously.
|
