About MYDATA Control Technologies

More and more business models require the exchange and processing of business-critical data. The legislator considers personal data to be particularly worthy of protection. MYDATA Control Technologies (short: MYDATA) offers both business partners and citizens more transparency and self-determination in the use of their data. Many existing technologies do not offer a practical solution to these challenges. They only enable simple yes/no decisions (i.e., "allow access" or "deny access") and do not provide enough flexibility for the definition of complex usage control restrictions (e.g., "allow access, but only in anonymized form", "yes, but delete data after 3 days").

Figure 1. Flexible decision making and enforcement with MYDATA

MYDATA closes this gap: the data owner can define individual requirements for data security and privacy, which are then technically enforced by our technology. MYDATA is a software solution for the evaluation, enforcement and management of security and privacy rules. For the technical realization, MYDATA intercepts data flows and offers comprehensive control options. Data in motion can be masked and filtered at a fine-grained level, for example to make it anonymous. The modular, component-based structure of MYDATA allows simple integration into existing systems. It provides a highly scalable cloud service for policy evaluation and management, as well as a Software Development Kit for easy integration into your system.

Figure 2. MYDATA Control Technologies

In the following, you will learn how to integrate and use MYDATA based on our three main product features: Policy Enforcement, Policy Language and Policy Management.

MYDATA Control Enforcement

MYDATA intercepts events or data flows and enforces a security decision based on policies. This process is highly customizable by different kinds of plugins to provide full flexibility for all use cases.

Event Monitoring and Manipulation

MYDATA monitors and manipulates data usages and requests based on the active rule set. This manipulation is done by so-called "Policy Enforcement Points", which can modify the (JSON-serialized) data on the fly. Policy Enforcement Points are highly flexible and customizable. Example modifications could be:

  • Removing all customer addresses

  • Anonymizing person names

  • Coarsening GPS locations

  • Adding copyright notice to a text
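
The four modifications listed above, applied to a JSON event by a minimal enforcement point. This is an added example, not code from the MYDATA SDK or its API: the decision format, the action names, the `enforce` function and the supported JsonPath subset are all assumptions made for illustration.

```python
import copy
import re

def _steps(path):
    # Only the JsonPath subset "$.a.b[*].c" is handled (assumption of this sketch).
    if not re.fullmatch(r"\$(\.\w+|\[\*\])+", path):
        raise ValueError(f"unsupported path: {path}")
    return re.findall(r"\w+|\*", path[1:])

def _targets(node, steps):
    """Yield (container, key) pairs addressed by the path steps."""
    head, rest = steps[0], steps[1:]
    if head == "*":
        keys = range(len(node)) if isinstance(node, list) else []
    else:
        keys = [head] if isinstance(node, dict) and head in node else []
    for key in keys:
        if rest:
            yield from _targets(node[key], rest)
        else:
            yield node, key

ACTIONS = {  # hypothetical modifier names, one per modification in the list above
    "delete": lambda box, key, arg: box.pop(key),
    "replace": lambda box, key, arg: box.__setitem__(key, arg),
    "round": lambda box, key, arg: box.__setitem__(key, round(box[key], arg)),
    "append": lambda box, key, arg: box.__setitem__(key, box[key] + arg),
}

def enforce(event, decision):
    """Return a modified copy of event, or None when usage is denied."""
    if not decision.get("allow", False):  # fail closed if the decision is missing
        return None
    data = copy.deepcopy(event)  # the intercepted original is never mutated
    for mod in decision.get("modifiers", []):
        action = ACTIONS[mod["action"]]  # unknown action raises, nothing is released
        # reversed(): list indexes stay valid when elements are deleted
        for box, key in reversed(list(_targets(data, _steps(mod["path"])))):
            action(box, key, mod.get("arg"))
    return data

# Constructed sample event and decision (not real MYDATA formats).
EVENT = {"text": "Quarterly report.", "customers": [
    {"name": "Alice Example", "address": "1 Sample St", "gps": [49.4301, 7.7556]},
    {"name": "Bob Example", "gps": [52.5200, 13.4050]}]}
DECISION = {"allow": True, "modifiers": [
    {"path": "$.customers[*].address", "action": "delete"},
    {"path": "$.customers[*].name", "action": "replace", "arg": "ANONYMOUS"},
    {"path": "$.customers[*].gps[*]", "action": "round", "arg": 1},
    {"path": "$.text", "action": "append", "arg": " (c) Example Corp"}]}
```

Calling `enforce(EVENT, DECISION)` returns the masked copy. A decision without `"allow": True` returns `None`, and an unsupported path or unknown action raises before any data is returned.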

Execution of Actions

MYDATA executes (compensatory or additional) actions based on the active rule set. This execution is done by so-called "Policy Execution Points", which you can register in our system. Policy Execution Points might, for example:

  • send email notifications

  • create log entries

  • trigger a business process

Connecting to External Information Sources

MYDATA integrates all kinds of information sources, e.g., location data or directory information. This integration is done by so-called "Policy Information Points", which you can register in our system. Policy Information Points can, for example, be used to:

  • check a user role via LDAP

  • check the user’s context (e.g., "traveling" or "in the office")

  • check if the weather is nice in Berlin

MYDATA Control Policies

The MYDATA policy language is designed to express restrictions on data usage. It is an XML-based language, providing the following features:

  • boolean logic

  • arithmetic

  • temporal information based on an event history

  • policy evaluation based on push (event-triggered) or pull (timer-triggered)

  • connection to external systems for information retrieval (via PIP plugins)

  • enforcement by data modification using JsonPath (via PEP modifier plugins)

  • enforcement by execution of actions (via PXP plugins)

MYDATA Control Management & Evaluation

There are two ways to interact with our system: via a cloud-based user interface or via a RESTful web API.

User Interface

The user interface mainly offers different overviews of the system state, comprehensive user management and a powerful policy editor with a lot of specification support.

API

To use MYDATA, you communicate with our services via REST interfaces. We differentiate between two main API endpoints:

  • The management endpoint allows you to manage (especially register) plugins, as well as policies.

  • The decision endpoint allows you to evaluate security-relevant events, which are the basis for the security enforcement.

Resources

Our Software Development Kit is provided as Open Source Software under the Apache 2 License.