Hi all,

To cater to the requirements related to [1], we are planning to implement a
set of utility classes to manage the privacy of privacy-concerned objects
(e.g. User).

All objects that have privacy-concerned attributes will be wrapped
inside a privacy insulator object. The duty of the privacy insulator is to
prevent the misuse of privacy-related attributes. It will hide the
attributes that are related to the object's privacy and provide a hash or
ID as a pseudonym to represent the attribute instead of the real value.
Furthermore, classes can be marked as confidential as well. All
confidential classes should provide the pseudonym to represent their
privacy-concerned attribute. So whenever a confidential object is used, the
pseudonym will be used instead of the underlying real value.

There will be a separate ID manager to map the related ID to the underlying
actual value. So wherever the actual value is needed (e.g. to display the
user's username in a UI), the ID manager can retrieve it for use. But this
should be used only in places where the pseudonym can't be used.

Please provide your thoughts.

[1] [Architecture] GDPR - Pseudonyms For Username

*Jayanga Kaushalya*
Senior Software Engineer
Mobile: +94777860160
WSO2 Inc. | http://wso2.com
lean.enterprise.middleware
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev