TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Grünewald, Elias; Wille, Paul; Pallas, Frank; Borges, Maria Carolina; Ulbricht, Max-R.

doi:10.1109/eurospw54576.2021.00039

Cited by 17 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Last decade, the [Voigt, 2018] introduces the GDPR, and among other concerns, demands "more comprehensible information to end users" in applicable regions. These demands form the basis of data governance, but require more clarity and precision [Grünewald and Pallas, 2021].…”

Section: Transparency On the Handling Of User Datamentioning

confidence: 99%

Users are the North Star for AI Transparency

Mei¹,

Saxon²,

Chang³

et al. 2023

Preprint

View full text Add to dashboard Cite

Despite widespread calls for transparent artificial intelligence systems, the term is too overburdened with disparate meanings to express precise policy aims or to orient concrete lines of research. Consequently, stakeholders often talk past each other, with policymakers expressing vague demands and practitioners devising solutions that may not address the underlying concerns. Part of why this happens is that a clear ideal of AI transparency goes unsaid in this body of work. We explicitly name such a north star-transparency that is usercentered, user-appropriate, and honest. We conduct a broad literature survey, identifying many clusters of similar conceptions of transparency, tying each back to our north star with analysis of how it furthers or hinders our ideal AI transparency goals. We conclude with a discussion on common threads across all the clusters, to provide clearer common language whereby policymakers, stakeholders, and practitioners can communicate concrete demands and deliver appropriate solutions. We hope for future work on AI transparency that further advances confident, user-beneficial goals and provides clarity to regulators and developers alike.

show abstract

Section: Transparency On the Handling Of User Datamentioning

confidence: 99%

Users are the North Star for AI Transparency

Mei¹,

Saxon²,

Chang³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…When used in proper combination, they may, depending on the type of data, the context, and the party receiving the data, even allow to render data non-personal from the regulatory perspective. At the same time, the practical application of these techniques in real-world Web APIs is -like for other privacy / data protection principles and technologies [12,18] -hindered by a lack of easily adoptable technical solutions that smoothly integrate into established technology stacks and development practices [13].…”

Section: Data-providing Web Apis and Data Minimizationmentioning

confidence: 99%

“…In line with other endeavors of practical privacy engineering (such as [11,12,18]), we formulate a set of functional and non-functional requirements that need to be fulfilled. Functional requirements here refer to the core functionality that needs to be provided while non-functional requirements address the practical applicability in real-world technology stacks and architectures.…”

Section: Requirementsmentioning

confidence: 99%

Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs

Pallas¹,

Hartmann²,

Heinrich³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing Web APIs, however, typically lack sophisticated data minimization features, leaving the task open to manual and all too often missing implementations. In this paper, we address the problem of data minimization for data-providing, query-capable Web APIs. Based on a careful analysis of functional and non-functional requirements, we introduce Janus, an easy-to-use, highly configurable solution for implementing legally compliant data minimization in GraphQL Web APIs. Janus provides a rich set of information reduction functionalities that can be configured for different client roles accessing the API. We present a technical proof-ofconcept along with experimental measurements that indicate reasonable overheads. Janus is thus a practical solution for implementing GraphQL APIs in line with the regulatory principle of data minimization.

show abstract

“…Cloud native architectures, in turn, need a machine-readable representation and additional tooling for processing said transparency information in order to describe the multitude of services in real-time. TILT [25] and TIRA [26], as technical mechanisms, address this issue being explicitly tailored to large-scale cloud native infrastructures, agile development practices, and the legal requirements. Consequently, the proposed policy language and programming toolkit of TILT, and the OpenAPI extension and dashboard of TIRA address transparency, accountability, and lawfulness on many different levels.…”

Section: E Grünewald 3 Dimensions Of Cloud Native Privacy Engineeringmentioning

confidence: 99%

“…For the security dimension one would, e.g., choose the encryption cipher suite. When focusing on transparency, all personal data indicators [26] would be documented (which also streamlines auditability) or manual instrumentation for logging and monitoring tools would be added []. Basically, this phase is crucial for every processing activity.…”

Section: Devprivops: Privacy Engineering In Practicementioning

confidence: 99%

Cloud Native Privacy Engineering through DevPrivOps

Grünewald

2021

Preprint

View full text Add to dashboard Cite

Cloud native information systems engineering enables scalable and resilient service infrastructures for all major online offerings. These are built following agile development practices. At the same time, a growing demand for privacy-friendly services is articulated by societal norms and policy through effective legislative frameworks. In this paper, we identify the conceptual dimensions of cloud native privacy engineering and propose an integrative approach to be addressed in practice to overcome the shortcomings of existing privacy enhancing technologies. Furthermore, we propose a reference software development lifecycle called DevPrivOps to enhance established agile development methods with respect to privacy. Altogether, we show that cloud native privacy engineering advances the state of the art of privacy by design and by default using latest technologies.

show abstract

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Cited by 17 publications

References 22 publications

Users are the North Star for AI Transparency

Users are the North Star for AI Transparency

Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs

Cloud Native Privacy Engineering through DevPrivOps

Contact Info

Product

Resources

About