Slides by Sampo Kellomäki (CTO Synergetics). Data Usage through Trust Platform and Privacy by Design.
Presented at the Privacy, Identity & Security (PIDS) seminar of Almere DataCapital, see www.almeredatacapital.nl.
Sampo Kellomäki (Synergetics) @ PIDS seminar
1. Data Usage through Trust Platform and Privacy by Design
Sampo Kellomäki (sampo@synergetics.be)
Privacy, Identity, and Security Seminar
20. September 2012, Almere
2. Privacy and Trust as Enablers of Data Use
• End users, patients, have to be considered as stakeholders
• Their fears must be addressed for wider data use to be accepted
- Privacy concerns (Dutch public has high awareness)
- There cannot be trustworthiness and privacy without security
• Doing a proper job of addressing these saves money in the end
- No scandals to manage
- No clean-up costs from breaches
- No backlash from a half-hearted approach
• More equitable society and empowerment of the citizen
c 2012 Sampo Kellomäki: Data Usage - Trust Platform and Privacy by Design 2
3. Privacy, Trust, and Security: Generic Enablers
• Absolutely needed in health care
• Mostly needed in employability and many other areas
• If not needed, at least appreciated in consumer market as well
Ergo
• Common privacy, trust, and security architecture: TAS3
- Slightly over-engineered so it meets the requirements of all areas
-> No need for separate sector-specific architectures
- Share development cost and pool expertise
- Allow different sectors eventually to link to a unified whole
4. TAS3 Is for Ecosystems
5. What TAS3 Is
• Horizontal solution
• Wire-interoperable Single Sign-On and Secure Web Services
• Mandatory authorization and base policies (to guarantee a minimum level - you get to add your own on top of this)
• Mandatory, partially automated, audit to provide accountability
• Governance model, partner vetting, and connection of technology to contract and legal framework
and Is Not
• Your business application and business content stay the same
• Every sector (e.g. health care, employment) still needs to standardize on the payload carried over TAS3
6. TAS3: Research to Real Life
• European Commission FP7 Research Project 2008-2011: 10M euro
• Synergetics productized TAS3, enabling realistic trust networks
- Production quality software
- Resiliency and High Availability solutions
- Scalability
- Cloud-proof
• Synergetics has a legacy integration solution for TAS3
• Synergetics is expanding TAS3 beyond that, towards new ecosystem needs - end-to-end Trust Assurance
• Develop Business Case why ecosystems should adopt TAS3
7. TAS3 Overview
• Privacy preserving
- Pair-wise pseudonyms (avoid correlation)
- Minimal disclosure (data pull model)
- Technically feasible "right to be forgotten" (subscribe to delete)
• Secure Single Sign-On and Web Services
• Authorization framework
- Organizational and framework policies
- Personal sticky policies that go with the data
• Audit - ensure accountability
• User inclusion in authorization and audit
• Trustworthy: TAS3 lives up to the promise through technical and
audit safeguards so you do not have to trust it blindly
- Trust is good, control is better
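The "pair-wise pseudonyms (avoid correlation)" bullet above in working form, as an added example that is not code from the slides or from Synergetics/TAS3: an identity provider derives a different, stable pseudonym per service provider with a keyed HMAC, so two providers cannot join their user tables on a shared identifier. The secret, entity IDs and user names are constructed; the derivation format is an assumption, not the TAS3 wire format.

```python
import hmac
import hashlib

# Constructed example key. In a deployment this is a long random secret
# that never leaves the identity provider (IdP).
IDP_SECRET = b"constructed-idp-secret-do-not-reuse"


def pairwise_pseudonym(user_id: str, sp_entity_id: str, secret: bytes = IDP_SECRET) -> str:
    """Return a stable pseudonym for one (user, service provider) pair.

    Keyed HMAC: the same SP sees the same value at every login, a different
    SP sees an unrelated value, and without the IdP key an SP can neither
    invert it nor recompute it for another SP. The NUL separator keeps
    "ab"+"c" and "a"+"bc" distinct (assumed format, not the TAS3 one).
    """
    msg = user_id.encode() + b"\x00" + sp_entity_id.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def correlatable_users(records_a: dict, records_b: dict) -> set:
    """Identifiers present in both SPs' tables, i.e. what two colluding
    (or breached) providers could join their records on."""
    return set(records_a) & set(records_b)


def demo() -> tuple:
    """Compare a global-identifier design with the pairwise-pseudonym design.

    Returns (joinable users with global ids, joinable users with pseudonyms)."""
    users = ["alice", "bob", "carol"]                  # constructed sample users
    sp_hospital = "https://hospital.example/sp"        # constructed entity IDs
    sp_insurer = "https://insurer.example/sp"
    # Naive design: both SPs key their records on the global user id.
    naive_a = {u: "visit-record" for u in users}
    naive_b = {u: "claim-record" for u in users}
    # Privacy-preserving design: each SP only ever sees its own pseudonym.
    pseud_a = {pairwise_pseudonym(u, sp_hospital): "visit-record" for u in users}
    pseud_b = {pairwise_pseudonym(u, sp_insurer): "claim-record" for u in users}
    return (len(correlatable_users(naive_a, naive_b)),
            len(correlatable_users(pseud_a, pseud_b)))


if __name__ == "__main__":
    print(demo())  # (3, 0): every user joinable with global ids, none with pseudonyms
```

Because the pseudonym is keyed rather than a plain hash of the user id, an SP that learns a user's real identifier still cannot derive the pseudonym that another SP holds.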
8. to 11. [Figure slides, no slide text]
12. Personal Data Store: Give Data Back to the User
• Build on TAS3 and take it to the next level
• New user-centric paradigm for data use
• Data is kept in PDS under user control, not in silo systems
- User gains more equitable position in ecosystem as she controls
her data and is in position to release it under policies and for
purposes she chooses
• Not just data but the added value services around it
- Dataless service, running entirely off PDS becomes possible
- All users of an ecosystem are potential customers without registration
- Gain business insight into a population that cannot be gleaned from a traditional user database
• PDS is gaining momentum worldwide
- TAS3 based PDS to become interoperable across Europe and US
13. [Figure slide, no slide text]
14. [Diagram: "Network 'Who asks' Persona PDS v04 SK 20100909". Recoverable component labels: Accessible Metadata Interfaces (4pt PEP), Filter, Selector, Pointers to actual data (original format), CRUD Interface, RESTful Data Interface, Trust Negotiat…, Audit Dri…, Data about me, Data by me, Search and ISN Interface, Personal Query and ISN Cache, Personal PDP, Consent, Policy and Obligation Store]
15. Appropriate for Healthcare
• Strong foundation
- Everything encrypted approach
- Authorization and audit trail
- Privacy preservation
• Break-the-glass scenario (emergency room) handled correctly
• Healthcare Ecosystem
- Hospitals
- Private clinics and Labs
- Research institutes and Universities
- Pharmaceuticals
- Insurance
• PDS hosts the Personal Health Records
• Analytics and data mining across anonymized populations combining data from the PDSes
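The "personal sticky policies that go with the data" and "audit - ensure accountability" bullets of the TAS3 overview, together with the break-the-glass scenario on this slide, as one added example that is not code from the slides or from TAS3: a minimal personal PDP evaluates a policy attached to a PDS data item, treats a break-the-glass request as a permit with obligations rather than a silent bypass, and writes an audit record for every decision. The dataclass names, roles, purposes, obligations and the sample lab result are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class StickyPolicy:
    """User-authored policy that travels with the data item (constructed model)."""
    purposes: frozenset            # purposes the owner consented to
    roles: frozenset               # requester roles allowed for those purposes
    break_glass_roles: frozenset   # roles that may override in an emergency
    obligations_on_override: tuple = ("notify_owner", "review_within_24h")


@dataclass(frozen=True)
class DataItem:
    owner: str
    payload: str
    policy: StickyPolicy


@dataclass(frozen=True)
class Request:
    requester: str
    role: str
    purpose: str
    break_glass: bool = False
    justification: str = ""


def personal_pdp(item: DataItem, req: Request, audit: list) -> tuple:
    """Return (decision, obligations) and always append an audit record.

    Break-the-glass only succeeds for a role the owner pre-authorised for
    emergencies and only with a written justification, which is logged."""
    p = item.policy
    if req.purpose in p.purposes and req.role in p.roles:
        decision, obligations = "Permit", ()
    elif req.break_glass and req.role in p.break_glass_roles and req.justification.strip():
        decision, obligations = "Permit-BreakGlass", p.obligations_on_override
    else:
        decision, obligations = "Deny", ()
    audit.append({  # every decision, including denials, is accountable later
        "time": datetime.now(timezone.utc).isoformat(), "owner": item.owner,
        "requester": req.requester, "role": req.role, "purpose": req.purpose,
        "decision": decision,
        "justification": req.justification if decision == "Permit-BreakGlass" else "",
    })
    return decision, obligations


# Constructed sample: a lab result whose owner consented to treatment use only.
LAB_RESULT = DataItem("alice", "HbA1c 6.1%", StickyPolicy(
    purposes=frozenset({"treatment"}), roles=frozenset({"treating_physician"}),
    break_glass_roles=frozenset({"emergency_physician"})))
```

The obligations returned with a break-glass permit are what the user-inclusion bullets mean in practice: the owner is told after the fact and the override is queued for review, which is what makes the emergency path trustworthy rather than a loophole.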
16. Appropriate for Employability and Learning
• Strong foundation with pseudonymity
- Avoid discrimination: choose candidate objectively
• Delegation handled correctly - Coaching
• Employability Ecosystem
- Employers and HR
- Educational institutes and lifelong learning
- Matching and Evaluation services
- Coaching
• PDS holds user’s ePortfolio (kind of electronic résumé)
- PDS stays with the user from job-to-job
• Analytics and data mining across anonymized populations
- Compare yourself to others
- Matching of job offers to applicants
- Skills capital at enterprise, regional, and national level
17. Appropriate for Many Other Sectors
• Horizontal solution
• Strong, standardized foundation is helpful in most places
• Many sectors in fact have natural ecosystems
- An enterprise and its subcontractors form an ecosystem
- Even the departments inside an enterprise are an ecosystem
- Use same technology for intranet and extranet
- Supply chain
- Food traceability and security
• Privacy features designed to protect personal data can also protect enterprise data
- Share sensitive data without competitors getting insight into your business
• Ecosystems from different sectors will eventually touch each other, and the user can use all of them in a seamless way.
18. Appropriate Even For Personal Use
• You can use PDS for storing any data you choose, even data for
sharing with family and friends
- Data vault: confidence that the data is safe (not lost and with
appropriate controls)
- The access control mechanics that may be familiar from personal health record or ePortfolio will carry over: no need to learn a separate system
- Much stronger privacy and security than Facebook
• Delegation and invitations facilitate sharing
19. Thank You!
Sampo Kellomäki (sampo@synergetics.be)
+351-918.731.007
skype chat: sampo.kellomaki