Application Privacy Monitoring for JDBC
A technology preview providing a Java library for adding privacy policy enforcement to existing Web applications that use JDBC/SQL.
Date Posted: May 20, 2004
|
|
 |
|
|
What is Application Privacy Monitoring for JDBC?
Application Privacy Monitoring for JDBC (APM4JDBC) is a technology preview providing a Java™ library for adding privacy policy enforcement to existing Web applications that use JDBC/SQL.
Privacy monitoring technology in information technology systems is now necessary in order to ensure compliance with stated privacy policies, especially in the customer information management systems in enterprises such as Customer Relationship Management (CRM). Privacy policies allow organizations to control the use of personally identifiable information (PII) according to individual choices. The IBM® Tivoli® Privacy Manager (TPM) provides server support for creating, deploying, and administering privacy policies as well as for checking conformance to policies and for logging auditable data on data accesses. However, applications using TPM must use an agent that is able to intercept each access of PII and interact with a TPM server for auditing and enforcement. This is the function of a privacy monitor.
APM4JDBC is a Java/SQL Privacy Monitoring library for the TPM. APM4JDBC provides privacy monitoring functions for applications running on a WebSphere Application Server and connecting to IBM DB2® by using JDBC. The idea is to wrap the JDBC connection class by adding the privacy monitoring and enforcement functions so that when an application calls JDBC to retrieve PII data, (1) the request SQL is analyzed, (2) a privacy conformance check request is sent to the TPM server to evaluate the privacy policies, and (3) the SQL ResultSet table is modified based on the privacy conformance check results and is returned to the application.
APM4JDBC will also support a results cache mechanism for optimizing conformance checks. This is effective for SQL statements that access the data of several people at one time. This version of APM4JDBC does not record the auditable logs when using a cache.
How does it work?
APM4JDBC works with Web applications running on a WebSphere® Application Server and connecting to IBM DB2 by using JDBC. The parts of the application code that needs to be modified are the JDBC-related class calls. Since APM4JDBC provides a wrapper class for JDBC, the original JDBC class calls are replaced with the wrapper class calls. The wrapper classes have the same interface, so a simple name replacement will work. Some properties files for the settings of APM4JDBC and for the monitored database's schema are needed.
APM4JDBC requires a privacy policy service product that supports definition and enforcement of privacy policies. The product is Tivoli Privacy Manager for e-business 1.2 product. APM4JDBC can use the ContextStore module for the Web application to keep the context information related to the privacy policy conformance check. This is basically built on the technology of PrivacyContext, which is contained in the Declarative Privacy Monitoring. Since ContextStore is optional, APM4JDBC can work without ContextStore.
|
|
|
| | About the technology author(s):
Masayuki Numao is a researcher at the Tokyo Research Laboratory, IBM. He is leading a project on ID and privacy management. His team was involved in the design and development of privacy-protected CRM for a leading customer in Japan. Mr. Numao's past projects include work on XML access control language (XACML), Internet procurement protocol with time-key service, and SET-based credit payment protocol with smartcard authentication.
Yuji Watanbe is a researcher at the Tokyo Research Laboratory, IBM. He is working on enterprise privacy technologies and security management for the distributed ID management. He is the architect and author of the monitor and enforcement code for APM4JDBC.
Madoka Yuriyama is a researcher at the Tokyo Research Laboratory, IBM. She is working on enterprise privacy technologies and security management for the distributed ID management. Ms. Yuriyama is the architect and author of the SQL analysis and provisioning code for APM4JDBC.
Takeo Yoshizawa is a researcher at the Tokyo Research Laboratory, IBM. He is working on enterprise privacy technologies and security management for the distributed ID management. He is the author of the APM4JDBC interface and packaging code.
Calvin Powers is a senior software engineer in IBM's Tivoli Security Systems Division. He is product architect for IBM's Tivoli Privacy Manager and works with IBM Research and IBM Global services on emerging privacy technologies. His past projects include work on secure messaging systems, public key infrastructure, and firewall technologies. Mr. Powers worked with the TRL team from the early stages of the privacy-protected CRM project.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
IBM, DB2, Tivoli, and WebSphere are trademarks of IBM Corporation in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
|
|
|
| |
