Hi Shan, Along with these detail we save in these tables, we need to keep a mapping > to what each PII category means to WSO2 server.
With our current implementation in Identity Server we maintain a scope-claim mapping in the registry level. For a scope a single or multiple claims can be mapped and we can define any custom or scope or claim. So IIUC here we can map PII category with scope. So indirectly we can map PII category with claims. But at the moment we don't store those scope - claim mapping in our database. So if we are to map PII category with the scopes we need to store the scopes in the db level. Thanks, Hasanthi Dissanayake Software Engineer | WSO2 E: hasan...@wso2.com M :0718407133| http://wso2.com <http://wso2.com/> On Wed, Sep 20, 2017 at 9:09 AM, Pushpalanka Jayawardhana <la...@wso2.com> wrote: > Hi Shan, > > Along with these detail we save in these tables, we need to keep a > mapping to what each PII category means to WSO2 server. > In that case we can think of a PII category as a collection of claims. > > In IS we already have this concept of collection of claims, where we > categorize them into a scope. WSO2 APIM already make use of these scopes to > provide role based access to resources. We can try to make use of scopes in > the place of PII category to establish this mapping with server claims > which are actually PII keys. In the 'PII_CATEGORY' table we can keep track > of this. > > Thanks, > > On Wed, Sep 13, 2017 at 2:45 PM, Shan Jayathilaka <sh...@wso2.com> wrote: > >> There is a new regulation called the EU General Data Protection >> Regulation (GDPR) which replaces the Data Protection Directive 95/46/EC and >> was designed to harmonize data privacy laws across Europe. GDPR was passed >> as a regulation on 27th April 2016 and will be effective from 25th May >> 2018. Regarding to this regulation any organization who is collecting user >> data must collect data according to the user's consent. Also if an user >> request about his/her consents about the user data, the data collecting >> organization must provide those consents regarding to the user. In here we >> have to record what are the consents of the user to a database. I designed >> an [1]ER diagram for the database which collects the user consent. Also I >> attached [2] GDPR Regulation document ,[3] a blog to understand the GDPR >> and [4] Kantara Consent Receipt Management to this email. I hope they will >> be helpful to all. >> >> *Brief explanation about the database tables* >> >> >> - TRANSACTION_DETAILS: Contains details about the consent receipt id >> and user identification. >> >> >> - DATA_CONTROLLER: Contains details about the organization which >> collects the user data. >> - SERVICES: Contains details about the services provided to the user >> data. >> - PURPOSES: Contains details about the purposes to collect the user >> data. >> - THIRD_PARTY: Contains details about the third party organizations >> which take the user data shared by the data controllers. >> - PII_CATEGORY: Contains details about the personally identifiable >> information (pii) categories. >> >> [1] >> project_gdpr_new_erd.png >> <https://mail.google.com/mail/ca/u/1/?ui=2&ik=2b82ec457b&view=att&th=15e7a6f581a803f6&attid=0.1&disp=safe&realattid=f_j7ise0000&zw> >> (140K) >> <https://mail.google.com/mail/ca/u/1/?ui=2&ik=2b82ec457b&view=att&th=15e7a6f581a803f6&attid=0.1&disp=safe&realattid=f_j7ise0000&zw> >> >> [2] >> http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 >> >> [3] >> https://medium.facilelogin.com/understanding-gdpr-9201e1356418 >> >> [4] >> https://kantarainitiative.org/confluence/display/infosharing >> /Consent+Receipt+Specification?preview=/76447870/90604248/ >> DRAFT%20Recommendation%20Consent%20Receipt%20Specification%201_0_0.docx >> >> Appreciate your feedback. >> >> Regards, >> >> Shan Chathusanda Jayathilaka >> Software Engineer (Intern) >> WSO2 >> >> Mobile : +94702062877 <070%20206%202877> >> Email : sh...@wso2.com >> LinkedIn : www.linkedin.com/in/shanchathusanda/ >> > > > > -- > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/ > pushpalanka/ | Twitter: @pushpalanka > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
