section header ind2uce

More and more business models require the exchange and processing of business-critical data. The legislator considers personal data to be particularly worthy of protection. MYDATA Control Technologies (short: MYDATA) offers both business partners and citizens more transparency and self-determination in the use of their data. Many existing technologies do not offer a practical solution to these challenges. They only enable simple yes/no decisions (i.e., "allow access" or "deny access") and do not provide enough flexibility for the definition of complex usage control restrictions (e.g., "allow access, but only in anonymized form", "yes, but delete data after 3 days").

mydata flexibility
Figure 1. Flexible decision making and enforcement with MYDATA

MYDATA closes this gap: The data owner can define his individual requirements with regard to data security and privacy, which are then technically enforced by our technology. MYDATA is a software solution for the evaluation, enforcement and management of security and privacy rules. For the technical realization, MYDATA intercepts data flows and offers comprehensive control options. Data in motion can be masked and filtered in fine granular form, for example to make it anonymous. The modular and component-based structure of MYDATA allows a simple integration into existing systems.

mydata
Figure 2. MYDATA Control Technologies

In the following, you will learn how to integrate and use MYDATA.

Policy Enforcement

section header enforcement

MYDATA intercepts events or data flows and enforces a security decision based on policies. This process is highly customizable by different kinds of plugins to provide full flexibility for all use cases.

Event Monitoring, Filtering and Masking: MYDATA monitors, filters or masks data usages and requests based on the active rule set. This is done by so-called "Policy Enforcement Points", which can modify (Json serialized) data on the fly. Policy Enforcement Points are highly flexible and customizable. Example modifications could be:

  • Removing all customer addresses

  • Anonymizing person names

  • Coarsing GPS locations

  • Adding copyright notice to a text

Execution of Actions: MYDATA executes (compensatory or additional) actions based on the active rule set. This execution is done by so-called "Policy Execution Points", which you can register in our system. Policy Execution Points might for example

  • send E-Mail notifications

  • create log entries

  • trigger a business process

Connecting to External Information Sources: MYDATA integrates all kinds of information sources, e.g., location data, directory information. This execution is done by so-called "Policy Information Points", which you can register in our system. Policy Information Points can, for example be used to

  • check a user role via LDAP

  • check the user’s context (e.g., "traveling" or "in the office")

  • check if the weather is nice in Berlin

Policy Language

section header language

The MYDATA policy language is designed to express restrictions on data usage. It is an XML-based language, providing the following features:

  • boolean logic

  • arithmetics

  • temporal information based on an event history

  • policy evaluation based on push (event-triggered) or pull (timer-triggered)

  • connection to external systems for information retrieval (via PIP plugins)

  • enforcement by data modification using JsonPath (via PEP modifier plugins)

  • enforcement by execution of actions (via PXP plugins)

Central Services

section header management

Depending on the use case, purely local policy evaluation reaches its limits. For these cases, we offer central and highly scalable services for policy evaluation and management that you can easily integrate into your IT infrastructure.

In order to use our central services, you can communicate with our services via REST interfaces.

Resources

section header resources
  • JavaDocs are available for our Core, SDK and Spring SDK.

  • Release notes are available here.

  • Migration Guides are available here.

  • Glossary is available here.