MidPrivacy

Goal of midPrivacy project is to develop open source privacy-enhancing identity management solution on top of midPoint.

Identity management systems are fundamentally data management engines. Therefore they are in excellent position to implement data protection and privacy mechanisms. This insight leads to midPrivacy project as an initiative to enhance existing midPoint platform with support for data protection and privacy-enhancing capabilities.

Goals

Long-term goal of this project is to place user in control of personal data managed by organizations. For example we envision an employee to use midPoint user interface to review personal data usage by the employer, a customer using midPoint GUI to review personal data use of the merchant, review origins of the data, target systems where copies of the data are stored and so on. The goal is to place user in control.

Approach

One of the basic principles of personal data protection is control over the flow and usage of data. Personal data will be shared one way or another and it is a known fact that secrecy is not, by itself, a solution to data protection issues. Our approach takes a different direction: we try to make sure that data are used properly, especially that they are used in a legal way and in accord with user’s wishes. Identity management systems are in control of data usage in most large-scale organizations. Therefore we propose concept of a privacy-enhancing identity management solution.

Identity management (IDM) and identity governance systems are common tools used in variety of organizations – medium to large enterprises, universities, government institutions and so on. IDM systems are used to provision user accounts, apply policies, evaluate compliance, keep audit trails and implement variety of other data management functions. IDM systems are already in the right position to govern data protection. There are just few obstacles that prohibit IDM systems to reach full data protection potential.

Phases

Phase 0: Experimental data protection features in midPoint (2017-2018)

Several experimental features were developed for midPoint as a functionality preview. This was a prototyping phase, to make sure than midPoint is a suitable platform for data protection features.

Phase 1: Data provenance prototype (2020)

Project phase that aimed at providing fundamental foundation for data protection: data provenance. MidPoint was extended to keep metadata about every data value that specifies where the value came from and how it was processed. Design and implementation of Axiom data modeling language was part of this project phase. There also was some interesting work and discoveries on metadata schemas.

Please see the pages dedicated to individual phases for more details.

Future Phases

We plan more phases for the project. However, specific plans for next phases depend on funding, which was not secured yet. Possible follow-up phases that we are considering:

Data protection for engineers

Data protection may be a confusing topic, especially for identity management professionals. Data protection is usually described in legal language that is difficult to understand by engineers. We would like to extend the first chapter of midPoint book with introduction to data protection for engineers.

Metadata and provenance productization

Phase 1 of midPrivacy initiative delivered a very successful protoype of metadata and data provenance functionality. But it is still just a prototype. Further work will be needed to fully productize the prototype and bring the code to production quality.

Sovereignty and data portability

MidPoint has ideal position to support digital sovereignty for organizations. MidPoint is completely open source, it can be deployed under full control of the organization, it can be customized without dependencies on any service provider and lock-ins. However, the capabilities of midPoint for a user to control its own identity and related identities are currently somehow limited. We would like to extend this functionality with:

  • Improved ability to control user profile and data, ideally including information about data provenance and bases for data proessing

  • Supporting data portability, especially on "inbound" side. I.e. midPoint should be able to receive identity from a foreign system, properly manage (link) that identity, support erasure (unlink) and so on.

  • Manage relations to other users, e.g. making "friends", managing student-parent relation and so on.

  • Manage ad hoc groups such as workgroups, student groups and research initiatives. Manage formal teams and clubs and so on.

Management of basis for data processing (including consent)

According to data protection principles, the data cannot be processed unless there is a valid basis for data processing. Management of the bases for data processing is usually done in a manual way "on paper". Such method is only feasible for very simple cases where large user populations are subject to simple and consistent policies. However, the world around is getting complex and more dynamic. User populations are often mixed, user data are acquired from variety of sources. In addition to that, users are using technologies such as identity federations and social login that have serious implications on data protection. Manual management of basis for data processing does not work in such cases, the "paper" is not dynamic enough to keep up. Our experiments in phase 0 and further work in phase 1 of midPrivacy initiative suggest that midPoint can provide a solution. MidPoint can be used as a platform for precise management of basis for data protection, including management of consent.

Documents

See also individual project phases for more detailed and phase-specific documents.

Project Progress And Funding

The ultimate goal of midPrivacy is privacy and data protection. We know that both privacy and data protection are necessary and fundamental features. But these are inherently qualitative features and it is very difficult to "sell" them. Commercial companies do not emphasize data protection. In fact, many companies see data protection as a problem, rather than something that should be desired. Therefore it was very hard to get commercial funding for data protection.

We have experimented with data protection features in midPoint since 2017. However, there was zero commercial interest in data protection features, despite the fact that GDPR was about to become enforceable. Therefore we had to look for alternative sources of funding.

We are fully committed to the concept of privacy and data protection. We understand why it is necessary and even desirable. We know that data protection is the right thing to do. And we believe that data protection will provide significant value for everybody in the long run. Therefore we have created midPrivacy initiative - to raise awareness, but also to get funding for the work that needs to be done.

The midPrivacy initiative will progress as fast as the funding allows. Which may be quite slow at times. But privacy and data protection is crucial for everybody. Therefore we will not quit. We will go on. We will prove that data protection is possible and that it brings significant benefits to everybody in the long run.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the NGI_TRUST grant agreement no 825618.