Would we have any interest in standards-related discussion relative to server log data anonymization? See below for some new work starting up on this topic in IETF.
Dave David M. Oliver | david@g <[email protected]>uardianproject.info | http://g <http://olivercoady.com>uardianproject.info | @davidmoliver | +1 970 368 2366 ---------- Forwarded message --------- From: Shivan Kaul Sahib <[email protected]> Date: Mon, Nov 4, 2019 at 5:57 PM Subject: [Pearg] Fwd: New Version Notification for draft-rao-pitfol-00.txt To: <[email protected]> Cc: <[email protected]>, <[email protected]> Hi all, Sandeep Rao from Grab, Ryan Guest from Salesforce and I have been discussing log data classification shortly after Ryan's presentation on log data privacy at the IETF 104 PEARG meeting. This draft is a first attempt at exploring ways in which applications can tag log fields as containing personal information for further anonymization/processing. Sandeep will be presenting this draft at the upcoming IETF Singapore PEARG meeting. ---------- Forwarded message --------- From: <[email protected]> Date: Mon, Nov 4, 2019 at 2:44 PM Subject: New Version Notification for draft-rao-pitfol-00.txt To: Ryan Guest <[email protected]>, Sandeep Rao < [email protected]>, Shivan Sahib <[email protected]> A new version of I-D, draft-rao-pitfol-00.txt has been successfully submitted by Shivan Sahib and posted to the IETF repository. Name: draft-rao-pitfol Revision: 00 Title: Personal Information Tagging for Logs (PITFoL) Document date: 2019-11-04 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/internet-drafts/draft-rao-pitfol-00.txt Status: https://datatracker.ietf.org/doc/draft-rao-pitfol/ Htmlized: https://tools.ietf.org/html/draft-rao-pitfol-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-rao-pitfol Abstract: Software applications typically generate a large amount of log data in the course of their operation in order to help with monitoring, troubleshooting, etc. However, like all data generated and operated upon by software systems, logs can contain information sensitive to users. Personal data identification and anonymization in logs is thus crucial to ensure that no personal data is being inadvertently logged and retained which would make the logging application run afoul of laws around storing private information. This document focuses on exploring mechanisms to specify personal or sensitive data in logs, to enable any server collecting, processing or analyzing logs to identify personal data and thereafter, potentially enforce any redaction. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -- Pearg mailing list [email protected] https://www.irtf.org/mailman/listinfo/pearg
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
