Term Meaning

Access Control

Access control is the selective restriction of access to resource (cf. Wikipedia). This resource can be, for example, a physical place or a digital data file. Note that access control decisions are typically binary, i.e., access is granted or denied.


An action labels a certain type of information or control flow in a system (e.g., "open-file", "delete-file", or "create-screenshot"). Abstract actions manifest in concrete events (e.g., "'delete-file' readme.txt at 12.03.2018 3:32pm"). For more details, please refer to our language documentation.


MY DATA Control Technologies supports multiple tenants (typically companies). The basic separation of tenants is implemented on the level of affiliations. So, if two tenant have MY DATA Control Technologies accounts, each of them will be treated as separate affiliations and not see any data of the other tenant.


An anonymization removes personally identifiable information from a data set in an irreversible way. Anonymization is one special type of modification (cf. Wikipedia).

Authorization Decision

The decision the decision service makes with respect to an event occurrence based on the deployed policies. An decision is enforced by the PEP (cf. our language documentation) that intercepted the event. An authorization decision forces an event to be allowed, inhibited, or modified.


Application Programming Interface (cf. Wikipedia)

API Token

A key that deals as an authentication credential to use a REST API protected by oAuth (cf. the oAuth documentation)


Term Meaning


Cardinal aspects inside the conditions of mechanisms (as part of a policies) allow the enforcement of usage rights based on the number of uses in the past. It enables you to specify policies like "Movie 'The Incredibles' must be watched at most 3 times."). Cardinal aspects can be combined with temporal aspects to restrict the number of uses within time frames. An example would be: “Only 30 songs may be streamed within 24 hours with free account.”


A boolean expression that is part of a mechanism within a policy (cf. our language documentation). The fulfillment is the baseline for the enforcement of an Authorization Decision.


Components are PEPs, PXPs, or PIPs that can be registered in a solution of MY DATA Control Technologies.


Term Meaning

Data Types

See our language documentation for a list of supported data types.


Synonym for Authorization Decision.

Decision Enforcer

The decision enforcer is the main component of a PEP that takes an authorization decision and enforces it by means of modification or inhibition of a certain event. Our default decision enforcer works with JsonPath - however you can extend or replace this default implementation.

Decision Service

The decision service is the rule engine (Policy Decision Point PDP) that evaluates the policies based on an event coming from a PEP. The decision services produces one authorization decision per incoming event and may trigger execute actions in addition.


Term Meaning

End Point

A method of a REST API.


An event is an occurance of an action intercepted or monitored by a PEP. It is the tiggering part for the ECA Scheme - the underlying schema of our policies.

An event consists of an action ID which defines the type of the event (e.g., "open-file"), the concrete timestamp the event occurred and a key-value list of event attributes.


The underlying schema of our policies (cf. our language documentation)

Event History

A database of historic events processed by the decision engine (cf. our language documentation). Each event that is relevant for the evaluation of time-based or cardinality-based conditions within mechanisms is stored in the event history for future policy evaluations. For privacy reasons, all attribute values are hashed.

Execute Action

An execute action is a system action triggered by the PDPdecision service through a policy evaluation and executed by a Policy Execution Point.


Term Meaning


Filtering is one special type of modification, where particular data is removed from an event.


Functions represent mappings from input to output variables and are referenced by operators in our policies. Functions can simple boolean functions (like and, or, not), arithmetic functions (like plus, minus) and others (like count, valueChanged). Learn more here.


Term Meaning

Information / Data flow

Data flow talks about the instances and flows of a certain data item inside a system and within systems. For MY DATA Control Technologies, data flow tracking is particularly relevant, as security requirements (implemented by policies) are typically not defined on data (e.g., Invoices), rather than on concrete instances (Invoice_CustomerA_July.pdf). As one particular data item might be stored in different instances (e.g., files, screens), this flow between instances need to be tracked in order to achieve a comprehensive protection of the data.


If an event is inhibited, the PEP prevents the further execution of the event (e.g., access is denied, data flow is stopped). An inhibition is decided by the decision service based on the active policies and communicated to the PEP within an authorization decision.


Ican see the event including its attributes and has the ability to prevent or modify its further flow. This means that monitored events can be allowed, inhibited and modified a PEP based on a policy evaluation of the decision service.


Term Meaning


JsonPath is one of the basic technologies we are using to implement the modifications inside a PEP. It is a tool for analyzing, transforming and selectively extracting data from Json documents. Please refer to the JsonPath project site for the full documentation.


Term Meaning


Masking is one special type of modification (cf. Wikipedia). When data is masked, parts of the data (e.g., one or more attributes of an event) are modified. An example for a data masking is the replacement of the middle digits of an IBAN (“DE786709XXXXXXXXXX4525”).

Management Service

Our management service provides a web-based user interface for the management of Plugins (PEPs, PXPs, PIPs), policies, users, solutions and affiliations (depending on your role).

Click here for the full documentation.


A mechanism is one ECA rule inside a policy.


An event is basically a named key-value (event attributes) list. For example the event "open-file" might contain the name of the user opening the file, and the file itself. Classical access control only allows binary decisions on the event - i.e., the event can be allowed or inhibited. MY DATA Control Technologies additionally allows the values of the event to be modified. This means that event attributes can be replaced, deleted, or altered. For example, all personal related information must be removed from the file before access is granted (in this case the file is not changed itself, but only the reading data stream).


A modifier is a plugin of a PEP that extends the PEP’s capabilities of the modification of event attributes. Modifiers are registered by the PEP and are than available in the policy specification. Example modifiers are "delete" (delete certain parts of an event) and "replace" (replace certain parts of the event). PEPs can be extended by additional modifiers via plugins.


If an event is monitored (and not intercepted), the PEP can only see the occurrence of an event, but not prevent its further flow. This means that monitored events can only be allowed - a modification or inhibition by a policy is not possible. However, the policy evaluation of a monitored event can enforce the execution of compensating actions in a PXP.


Term Meaning


oAuth 2.0 is a protocol we use for authentication of REST requests to our management service and decision service. Learn more on the oAuth project site and our developer documentation of the management service and decision service.


An operator is a reference to a function inside our policy language.


Term Meaning


The usage of our decision service is limited. You can choose between different pricing models (plans), according to your needs. In particular, the number of request per month is limited (quota). The range goes from 225,000 requests per month (in the "Free" plan) until 7,500,000 requests per month (In the "Gold" plan). If you need more, the "Platinum" plan offers a negotiable pricing.


A policy is a set of mechanisms (rules) that technically implement security requirement(s). They are used to configure our decision service at run-time and are the baseline for the enforcement by PEPs and PXPs. Policies are atomic. This means that a policy can be deployed (all contained mechanisms are active) or revoked (all contained mechanisms are inactive). Our policy format is XML and based on our policy language.

Policy Editor

A policy editor is the user interface for the specification of a policy. MY DATA Control Technologies provides an XML-based policy editor for developers. It supports specification by auto-completion, hints and a beginner mode for novice developers. More information can be found here.

Policy Enforcement Point (PEP)

The PEP is a component which monitors or intercepts events (e.g., a access or usage request to a resource), makes decision requests to the decision service for obtaining decisions and enforces the received decision. In terms of MY DATA Control Technologies, a PEP can allow, inhibit or modify events. PEPs can be dynamically registered and used using our SDK.

Policy Execution Point (PXP)

The PXP is a component that can execute actions based on policy evaluations.. For example, a PXP can be used to send e-mail notifications, write log entries or delete data. In the XACML reference architecture, the PXP is part of the PEP. However, as the type of enforcement and the abstraction layer might significantly differ, we decided to make this explicit. PXPs can be dynamically registered and used using our SDK.

Policy Information Point (PIP)

The PIP is a component that acts as a source of attribute values. This means that the purpose of a PIP is to provide any kind of information that is needed for the policy evaluation - but is not already contained in the event itself. For example, PIPs can be used to connect MY DATA Control Technologies to a directory service in order to check user roles, or to resolve information about the current weather. PIPs can be dynamically registered and used using our SDK.


Term Meaning


The usage of our decision service is limited depending on the plan you have purchased. In particular, the number of request (decisions) per month is limited (quota). If you exceed your quota (i.e., you consumed more requests than you purchased), further request will be blocked (free plan) or charged (payed plans).


Term Meaning

Reactive (Rx) PEP

A PEP implementing the reactive programming paradigm - i.e., working asynchronously.


Representational State Transfer (cf. Wikipedia)


Our management service supports three kinds of user roles that regulate their permissions.

Solution Developer: A Solution Developer only has access to the solutions he has been assigned to by an administrator. He has access to the dashboard, components and policies of assigned solutions.

Affiliation Administrator: An Affiliation Adminstrator has access to all solutions of his affiliation. He thus has access to the dashboard, components and policies of all solutions of his affiliation. Additionally, he can create and assign users for his affiliation. This role fully subsumes the Solution Developer.

MY DATA Control Technologies Administrator: A MY DATA Control Technologies Administrator has all read and write access to all affiliations, solutions and users. If hosted on premise, the MY DATA Control Technologies Administrator is the central administrator of the overall MY DATA Control Technologies system. This role fully subsumes the Affiliation Administrator and Solution Developer.

Software Development Kit (SDK)

Our SDK is a set of tools and libraries that allow you to integrate and use MY DATA Control Technologies in your software. Primarily, it includes two Java Libraries - one for plain Java, one for Spring. The SDK allows you to implement PEPs (including the modifiers), PIPs, and PXPs and takes care about the component registration with our service.


Term Meaning


A solution is an application or service of an affiliation that is protected by MY DATA Control Technologies. You register components and specify policies exclusively for one solution. Component and policy identifiers contain a solution identifier.


Term Meaning


Cardinal aspects inside the conditions of mechanisms (as part of a policy) allow the enforcement of usage rights based on past events. It enables you to specify policies like "if event A happened within the last 5 days" or "event B happened every day for the last 5 years").


Policy evaluations may be triggered by two reasons. The first one is the decision request by a PEP after an event interception. The second is the triggering based on a timer. In some use cases, it is necessary to evaluate a policy periodically and independently of an event. In order to do this, you can specify timers that "simulate" an event to a given time based on the cron syntax. These events are treated like "normal" events by PEPs and thus do not break the ECA scheme. Obviously, only execute actions can be enforced in such a policy, but no authorization decision.


Term Meaning

Usage Control

In addition to Access Control, usage control regulates what must (not) happen to data after access has been granted.


A human person using our management service (has one of the defined roles).