Databases Reference
In-Depth Information
Enterprise
Applications
Policy
Creator
GUI
User
Preference
GUI
User Data
Collection
Preference
Parser
Policy
Translator
Policy-Preference
Negotiator
Data Collection
Servlet
Database Interface
HDB Active Enforcement Engine
Installed Policies
and Preferences
Database
User Data
Fig. 1.
HDB Active Enforcement Architecture
the system may then provide the individual with opt-in or opt-out choices
concerning use and disclosure of their information. These choices are recorded
in the database and enforced at the time of query processing. Successful pref-
erence negotiation confirms the terms of agreement between the parties.
In the
application data retrieval stage
, the active enforcement compo-
nent intercepts and transforms an incoming query to comply with applicable
privacy policies. The database runs the transformed query and retrieves only
policy-compliant information. In this way, the system transparently enforces
cell-level disclosure controls based upon the requestor's authorization, the
purpose of access, the intended recipient, and individual opt-in and opt-out
choices. Purpose and recipient information can either be inferred from the ap-
plication or directly specified by the requestor issuing the query. This ensures
that applications retrieve all information that a requestor is entitled to access
for a particular purpose and intended recipient,
The current implementation of HDB active enforcement operates in an
agnostic middleware layer above a relational database using any SQL compli-
ant interface. Figure 2 shows the HDB Active Enforcement implementation
as a Java Database Connectivity (JDBC) driver, which is a wrapper over a
native JDBC driver (e.g., DB2's native JDBC driver). The JDBC application,
shown at the top of the figure, connects to the HDB driver instead of the native
driver and thereafter submits queries and commands as it would have done
using the native driver. Using JDBC, queries are submitted with the execute-
Query method, which accepts the query string as its argument. The submitted
