opengdpr / opendsr
A common framework enabling companies to work together to protect consumers' privacy and data rights.
Home Page: https://www.opengdpr.org
License: Other
Interesting proposal. One thing that isn't clear (sorry if I missed it) is how the processor can communicate the host that serves the endpoints (/discovery, etc.) it provides. From the example, all Host HTTP request headers are for what appears to be the root domain of the processor, but that may not be the best place to expose subject request workflows.
Take a processor that has a public-facing website at example.com. They may have a separate domain for measurement collection, say example-analytics.com (Google Analytics does this). It would make sense for some processors to have a separate host, say subjectrequests.example-analytics.com, to expose the API.
The question then becomes how to communicate this. I suggest using the /.well-known/ path on example-analytics.com (and possibly also example.com) to communicate this. See RFC5785 for the details, and the DNT spec for an example of how it can work.
The definition of data subject seems to be too narrow. It is supposed to be an individual, identified or identifiable (etc). This could be for instance a resident outside of Europe whose data is processed by any entity upstream based in Europe (the controller or any data processor along the chain).
Hi,
we are currently in pre-decision process and we might use the OpenGDPR specification.
I got one question: Are there reasons for not providing a GET endpoint on /opengdpr_requests/?
Besides the authentication issue, that is: you somehow need to make sure that the request has the right to see the response.
If there are no reasons against it, I would add it to the specification and create a PR for it.
At the moment the spec only says that data controllers mustn't log or store the encoded_request value. Presumably it must serve some purpose, otherwise it wouldn't be included in the API - but what purpose does it have?
First, a big initiative to start a community-maintained GDPR management project! Transparency by design.
Is there any plan to make a simple service (a Dockerfile and image, a Postman collection) available here in the repository to show how the OpenGDPR workflow proposition works?
It is foreseeable that processors will encounter some scenarios where, because of an administrative or technical reason, they are unable to fulfill a request.
There are currently only four states a request can be in:
Would it be reasonable to add unsatisfiable and failed to this list?
Are there any guidelines for fair use of the OpenGDPR logo?
Thank you!
Looks like this project may be obsolete. Is that true?
I'd like to pick up some of the work done in the OpenDSR specification at the very least, which doesn't seem to be a problem given it's Apache, but I'm curious if anyone else is working in this space.
I want to gather a group of interested open source developers and MIT Media Lab researchers to do some rapid prototyping with OpenGDPR as part of our GDPR “Sunrise Eve” Hack Day on May 24, 2018. It would be really helpful if someone familiar with this project and codebase could demo or talk through how it works and the roadmap. We can bring you in via hangout or welcome you in person if you are nearby Boston.
Event info at: http://gdprhackday.org/
Let me know if someone can present or if you have any questions at: http://law.mit.edu/contact
Is there a plan to fold in communication over deadlines for responses?
Or is this supposed to be handled purely through SLAs?
{
  "subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798",
  "subject_request_type": "erasure",
  "submitted_time": "2018-10-02T15:00:00Z",
  "subject_identities": [
    {
      "identity_type": "email",
      "identity_value": "[email protected]",
      "identity_format": "raw"
    }
  ],
  "api_version": "0.1",
  "property_id": "123456",
  "status_callback_urls": [
    "https://example controller.com/opengdpr_callbacks"
  ]
}
The request id should be generated by the processor/controller and sent back in the response. The create request itself shouldn't have the request id.
Hello,
How does this work if the user makes an erasure request on the website of a publisher, who then needs to propagate that request to various partners, but the publisher does not have a mapping of the partners' cookie value / identifier for this user?
Thanks,
Dennis
Hi --
I wanted to share a server / framework implementation of the OpenGDPR specification in this repository that I wrote in the Go programming language. Because this standard isn't finalized yet and there are a few issues I need to open related to the spec, it is not 100% compliant with your specifications.
Perhaps we could add a list of libraries / frameworks that implement the standard on the readme? So far I have not found any other existing implementations.
I hope that this library will be helpful to someone looking to build services that are compliant with GDPR.
https://github.com/greencase/go-gdpr
Thanks!
Hi,
Can I get a sample request/response for the /discovery endpoint? Also I'd like to know about the signing of requests for other GDPR requests. Are we expecting some HMAC-type algorithm to do this? Is signing mandatory?
Hi,
The spec mentions 3 endpoints: discovery, status and requests (the endpoint to submit a new DSR). Then there is the callback coming from the data processor to the data controller.
The requests and status endpoints both provide a header X-OpenDSR-Signature in the response. My questions are:
What is the purpose of that signature in the response of these 2 endpoints? Is it about accountability/auditing purposes?
Should the controller validate those signatures (the same way it should validate the signature in the callback)? This is unclear in the spec as far as I am aware.
Thank you!
The create request API accepts an array of subject_identities[]. Is there any limit specified for the number of records?
Hi --
I want to clarify what the expected process for generating a response signature is and ensure I understand it correctly. To illustrate I've included some Go code from the library I am writing.
package main

import (
	"encoding/json"
	"fmt"
	"time"

	"github.com/greencase/go-gdpr"
)

func main() {
	// A new OpenGDPR request
	request := &gdpr.Request{
		ApiVersion:         gdpr.ApiVersion,
		SubjectRequestId:   "request-1234",
		SubjectRequestType: gdpr.SUBJECT_ERASURE,
		SubmittedTime:      time.Now(),
		SubjectIdentities: []gdpr.Identity{
			gdpr.Identity{
				Type:   gdpr.IDENTITY_EMAIL,
				Format: gdpr.FORMAT_RAW,
				Value:  "[email protected]",
			},
		},
		StatusCallbackUrls: []string{
			"http://controller.com/opengdpr_callbacks",
		},
	}
	// Create a new response based on the request
	response := &gdpr.Response{
		SubjectRequestId:       "request-1234",
		ControllerId:           "controller-1234",
		ReceivedTime:           time.Now(),
		ExpectedCompletionTime: time.Now().Add(5 * time.Minute),
		EncodedRequest:         request.Base64(), // <-- JSON encoded body of the request encoded as base64
	}
	// Encode the response as JSON bytes
	responseBody, _ := json.Marshal(response)
	// Generate a new Signer from a private key file.
	signer := gdpr.MustNewSigner(&gdpr.KeyOptions{KeyPath: "./key.pem"})
	// Generate a new signature based on the private key
	signature, _ := signer.Sign(responseBody)
	fmt.Println(signature)
	fmt.Println(string(responseBody))
	// Verify the JSON responseBody matches the signature
	verifier := gdpr.MustNewVerifier(&gdpr.KeyOptions{KeyPath: "./cert.pem"})
	err := verifier.Verify(responseBody, signature)
	fmt.Println(err == nil)
}
The program above will generate the following output:
go run main.go
NahB+ejBv5gCKtoa27D2uWKTsBs00WHhCSVeDD0rGhP8IfKZCaLZJj0UaKB0zIRZ00JcKpTt5+4z6buKkgHAKNgCmKuaW6CSixraMKhKP3kFW9gKzzF7D6LM34UjvhR2NtUBdnU03SU2C1s2yc2sGfi/PNVJukvRb6i1pHrTKaw=
{
  "controller_id": "controller-1234",
  "expected_completion_time": "2018-05-30T18:18:59.67344807+01:00",
  "received_time": "2018-05-30T18:13:59.673447987+01:00",
  "encoded_request": "eyJzdWJqZWN0X3JlcXVlc3RfaWQiOiJyZXF1ZXN0LTEyMzQiLCJzdWJqZWN0X3JlcXVlc3RfdHlwZSI6ImVyYXN1cmUiLCJzdWJtaXR0ZWRfdGltZSI6IjIwMTgtMDUtMzBUMTg6MTM6NTkuNjczNDQ3NDQ0KzAxOjAwIiwiYXBpX3ZlcnNpb24iOiIwLjEiLCJzdGF0dXNfY2FsbGJhY2tfdXJscyI6WyJodHRwOi8vY29udHJvbGxlci5jb20vb3BlbmdkcHJfY2FsbGJhY2tzIl0sInN1YmplY3RfaWRlbnRpdGllcyI6W3siaWRlbnRpdHlfdHlwZSI6ImVtYWlsIiwiaWRlbnRpdHlfZm9ybWF0IjoicmF3IiwiaWRlbnRpdHlfdmFsdWUiOiJ1c2VyQGRvbWFpbi5jb20ifV0sImV4dGVuc2lvbnMiOm51bGx9",
  "subject_request_id": "request-1234"
}
true
My understanding is that the signature (the first line of output) is intended to be placed in the X-OpenGDPR-Signature header on each response from the processor. The section on response properties mentions a processor_signature field but the example doesn't include it and only shows the header.
The specification links to a DSS document which includes several types of signature algorithms (DSA, RSA, & ECDSA); should implementations support ALL of these or is just one (RSA) sufficient? The spec seems fairly vague here.
Thank you!
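As an added example for the two signature questions above (what the X-OpenDSR-Signature header on the requests/status responses is for, and the sign-then-verify flow in the go-gdpr post), here is a stand-alone sign/verify pair; it is not code from this repository or from go-gdpr. It assumes RSA PKCS#1 v1.5 over SHA-256 and a throwaway generated key in place of key.pem/cert.pem; the Response struct just mirrors the field names in the sample output above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Response mirrors the fields shown in the sample output above (constructed struct, not the library's).
type Response struct {
	ControllerId           string `json:"controller_id"`
	ExpectedCompletionTime string `json:"expected_completion_time"`
	ReceivedTime           string `json:"received_time"`
	EncodedRequest         string `json:"encoded_request"`
	SubjectRequestId       string `json:"subject_request_id"`
}

// SignResponse marshals once and signs exactly those bytes (RSA PKCS#1 v1.5 over SHA-256); the caller sends the returned body unchanged and puts the base64 value in X-OpenDSR-Signature.
func SignResponse(key *rsa.PrivateKey, r Response) ([]byte, string, error) {
	body, err := json.Marshal(r)
	if err != nil {
		return nil, "", err
	}
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, "", err
	}
	return body, base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyBody is the controller-side check for responses and callbacks alike: verify the header against the body bytes as received, never against a re-marshalled copy.
func VerifyBody(pub *rsa.PublicKey, body []byte, header string) bool {
	sig, err := base64.StdEncoding.DecodeString(header)
	if err != nil {
		return false
	}
	digest := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key; a real processor would load key.pem
	body, sig, _ := SignResponse(key, Response{ControllerId: "controller-1234", SubjectRequestId: "request-1234"})
	fmt.Println(sig)
	fmt.Println(string(body), VerifyBody(&key.PublicKey, body, sig))
}
```

Any re-serialisation on the controller side (different key order, whitespace, or float formatting) changes the bytes and makes a valid signature fail, so verify over the raw request/callback body before decoding it.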
Is there a goal of this project to also address joint controller situations?
It would be nice to add a (generic) processor_id field as a new Identity Type Key. Almost every mobile SDK I'm familiar with generates a UID when the SDK is first initialized / the app is installed. Sometimes the Controller stores this Identifier in its own database 1. to handle logged-out users 2. to avoid sending an internal logged-in user Identifier (controller_customer_id) to its vendor.
We at Batch.com have a generated Installation ID. It's an anonymous Identifier, not shared with other apps or devices but still, the Controller could attach user attributes / properties that contains PPI (eg: user's name) and we should be able to handle GDPR requests with that ID as the entry point.
I looked up the OpenGDPR founding vendors' API references and found similar Identifiers:
Note : I had a similar thought about other Identifiers like the APNS push token or FCM/GCM registration ID but I don't know if it should be considered as an Identity key / entry point.
I do not know the industry well enough, so this is a question.
Is there a risk of violating data minimisation principles here?
How can the n-th actor in the chain know that they should pass some subset of identities and only those to the (n+1)-th actor? Should this involve a conversation with that next processor? Will this depend on the particular n-th -- (n+1)th pair?
Hey all,
I noticed that the README.md says that it is possible to send a property named property_id on the request POST /opengdpr_requests, but when looking at OpenGDPR_specification.md it is not documented there.
Both files were changed 14 days ago. Which one contains the correct form?
Hey,
This is a great spec - I am wondering if there are any expansion plans? I would love to see this implemented by a lot of companies so that the data subject request process is as smooth as possible.
Andrew.