Related papers: TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

URL: http://arxiv.org/abs/2106.06001v1
Date: Thu, 10 Jun 2021 18:42:50 GMT
Title: TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures
Authors: Elias Gr\"unewald, Paul Wille, Frank Pallas, Maria C. Borges, Max-R. Ulbricht
Abstract summary: Transparency provides information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred. Technical approaches for implementing transparency in practice are, however, only rarely considered. We introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Transparency - the provision of information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred - is one of the core privacy principles underlying regulations such as the GDPR. Technical approaches for implementing transparency in practice are, however, only rarely considered. In this paper, we present a novel approach for doing so in current, RESTful application architectures and in line with prevailing agile and DevOps-driven practices. For this purpose, we introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines. Together, these building blocks pave the way for providing transparency information that is more specific and at the same time better reflects the actual implementation givens within complex service architectures than current, overly broad privacy statements.

Related papers

Extending Business Process Management for Regulatory Transparency [0.0]
We bridge the gap between business processes and application systems by providing a plug-in extension to BPMN featuring regulatory transparency information. We leverage process mining techniques to discover and analyze personal data flows in business processes.
arXiv Detail & Related papers (2024-06-14T12:08:34Z)
Hook-in Privacy Techniques for gRPC-based Microservice Communication [0.0]
gRPC is at the heart of modern distributed system architectures. Despite its widespread adoption, gRPC lacks any advanced privacy techniques beyond transport and basic token-based authentication. We propose a novel approach for integrating such advanced privacy techniques into the gRPC framework in a practically viable way.
arXiv Detail & Related papers (2024-04-08T15:18:42Z)
Provable Privacy with Non-Private Pre-Processing [56.770023668379615]
We propose a general framework to evaluate the additional privacy cost incurred by non-private data-dependent pre-processing algorithms. Our framework establishes upper bounds on the overall privacy guarantees by utilising two new technical notions.
arXiv Detail & Related papers (2024-03-19T17:54:49Z)
Transparent Object Tracking with Enhanced Fusion Module [56.403878717170784]
We propose a new tracker architecture that uses our fusion techniques to achieve superior results for transparent object tracking. Our results and the implementation of code will be made publicly available at https://github.com/kalyan05TOTEM.
arXiv Detail & Related papers (2023-09-13T03:52:09Z)
Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems [0.0]
Transparency is one of the most important principles of modern privacy regulations. Data controllers must provide data subjects with precise information about the collection, processing, storage, and transfer of personal data.
arXiv Detail & Related papers (2023-06-04T22:09:42Z)
Towards Building the Federated GPT: Federated Instruction Tuning [66.7900343035733]
This paper introduces Federated Instruction Tuning (FedIT) as the learning framework for the instruction tuning of large language models (LLMs) We demonstrate that by exploiting the heterogeneous and diverse sets of instructions on the client's end with FedIT, we improved the performance of LLMs compared to centralized training with only limited local instructions.
arXiv Detail & Related papers (2023-05-09T17:42:34Z)
Enabling Versatile Privacy Interfaces Using Machine-Readable Transparency Information [0.0]
We argue that privacy shall incorporate the context of display, personal preferences, and individual competences of data subjects. We provide a general model of how transparency information can be provided from a data controller to data subjects. We show how transparency can be enhanced using machine-readable transparency information and how data controllers can meet respective regulatory obligations.
arXiv Detail & Related papers (2023-02-21T20:40:26Z)
A Data-Centric Framework for Composable NLP Workflows [109.51144493023533]
Empirical natural language processing systems in application domains (e.g., healthcare, finance, education) involve interoperation among multiple components. We establish a unified open-source framework to support fast development of such sophisticated NLP in a composable manner.
arXiv Detail & Related papers (2021-03-02T16:19:44Z)
Dimensions of Transparency in NLP Applications [64.16277166331298]
Broader transparency in descriptions of and communication regarding AI systems is widely considered desirable. Previous work has suggested that a trade-off exists between greater system transparency and user confusion.
arXiv Detail & Related papers (2021-01-02T11:46:17Z)
TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering [0.0]
TILT is a transparency information language and toolkit designed to represent and process transparency information. We provide a detailed analysis of transparency obligations to identify the required for a formal transparency language. On this basis, we specify our formal language and present a respective, fully implemented toolkit.
arXiv Detail & Related papers (2020-12-18T18:45:04Z)
Petri Nets with Parameterised Data: Modelling and Verification (Extended Version) [67.99023219822564]
We introduce and study an extension of coloured Petri nets, called catalog-nets, providing two key features to capture this type of processes. We show that fresh-value injection is a particularly complex feature to handle, and discuss strategies to tame it.
arXiv Detail & Related papers (2020-06-11T17:26:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.