
blindnet devkit Architecture

This document specifies the architecture of the blindnet devkit.

Note: The current version of this document is based mainly on the HLA. This document is expected to evolve, especially once the functional requirements document is available.

Terminology

  • All terms defined in RFC-Lexicon-2 are to be interpreted as described there
  • Any additional precision about the terms defined in RFC-Lexicon-2, as well as additional terms such as Consent and Legal Base, provided in High Level Conceptualization is to be considered normative
  • We use the terms Capture Component, Encryption and Access Management Engine, Privacy Computation Engine, Privacy Compiler, Privacy Request Capture Interface, Schemas and Storage Component as defined in High Level Architecture

Responsibilities

The figure below presents the blindnet devkit architecture.

Each element within the architecture is responsible for a certain set of functions within the blindnet devkit.

Privacy Request Capture Interface, which is a part of Privacy Request Manager as described in HLA, is an end-user interface allowing Data Subjects to submit Privacy Requests. For requests that require it, this component may also initiate Data Subject Authentication, deliver the Privacy Request Response (including the data that may be part of response) and show its status.

Data Consumer Interface, which is a part of Privacy Request Manager as described in HLA, is an end-user interface for Data Consumers which allows them to:

Q3 2022 Scope:

  • Set relevant configurations (e.g., Retention Policies, General Information for TRANSPARENCY requests, Transfers information, desired level of automation of Privacy Request Processing)
  • Manage Privacy Requests (view Privacy Requests; act upon Privacy Request Response recommendations, i.e., grant/deny/transfer requests)

Autumn 2022 Scope:

  • View and manage Data Captures

Web components are front-end, look and feel agnostic components which allow integrations of different blindnet devkit functions into external systems and web sites. Currently, these include:

  • Communication (emailing) component
  • Custom data capture components
  • Data consumption components, i.e., components that allow Data Consumers to view and manage data
  • Privacy Request capture components, i.e., components that allow Data Subjects to submit Privacy requests
  • Privacy settings component, i.e., component that allows Data Consumers to set desired configurations
  • Privacy Request management components, i.e., components that allow Data Consumers to view and manage Privacy Requests

Blindnet common is the entry point to blindnet devkit functions. It is intended as a single element used by developers, which in turn calls the different parts of the blindnet devkit that the developer's needs require.

Different components from the HLA (Capture Component, Encryption and Access Management Engine, Privacy Computation Engine) are implemented through several architectural elements.

The HLA's Capture Component consists of Capture SDK, Capture API, and Capture DB, and it:

Q3 2022 Scope:

  • Generates metadata according to PRIV whenever a data record is made (from user input or any other data-collection mode, e.g., transfer, machine learning, etc.), covering everything (including 3rd-party consents) needed for the Privacy Computation Engine to operate as automatically as possible.

Autumn 2022 Scope:

  • Captures data and metadata for Data Consumers
  • Protects confidentiality of Data Captures (encryption), by relying on Encryption Engine
  • Obtains Legal Bases related to Data Captures
  • Allows capturing Data Captures through Data Fragments
  • Allows capturing Data Captures over multiple time instances
  • Allows multiple Data Submitters to submit a Data Capture
  • Allows managing Data Captures on the Data Fragment level

The HLA's Encryption and Access Management Engine consists of Encryption SDK, Encryption API, and Encryption DB, and it:

  • Encrypts and decrypts data
  • Integrates with external OpenID tools
  • Allows recovery after access is lost

The HLA's Privacy Computation Engine, including Privacy Compiler and Customization API, consists of Privacy SDK, Privacy API, and Privacy DB, and it:

  • Captures Privacy Requests from Data Subjects
  • Captures privacy-related Settings (including mapping between PRIV terms and database schema of the client System)
  • Calculates (explainable) response to Privacy Requests
  • Keeps traces of Privacy Requests decisions and actions
  • Provides proofs of Privacy Requests decisions and actions
  • Registers operations and transfers of Data Captures across Systems
  • Allows Data Subjects to revoke Consents
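The two lists above (the Capture Component generating PRIV metadata for each data record, and the Privacy Computation Engine calculating an explainable response, keeping traces of decisions and letting Data Subjects revoke Consents) can be illustrated with a small executable model. The following is an added example, not blindnet devkit code: the metadata fields, the legal-base labels, the request actions and the decision rules are assumptions made for illustration, and the decision trace is a simple SHA-256 hash chain standing in for whatever proof mechanism the devkit actually provides.

```python
"""Illustrative model of PRIV-style capture metadata, explainable Privacy Request
responses and a tamper-evident decision trace. Added example; all names and rules
are assumptions, not the blindnet devkit's own API."""
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib
import json

# Constructed reference date used by the sample evaluations below.
TODAY = date(2022, 9, 1)


@dataclass
class DataCapture:
    capture_id: str
    data_subject: str
    data_category: str      # assumed PRIV-like category label, e.g. "CONTACT.EMAIL"
    legal_base: str         # assumed labels: CONSENT | CONTRACT | LEGITIMATE-INTEREST
    captured_on: date
    retention_days: int     # assumed Retention Policy, counted from captured_on
    consent_active: bool = True   # becomes False once a CONSENT is revoked


@dataclass
class PrivacyRequest:
    request_id: str
    data_subject: str
    action: str             # assumed actions: TRANSPARENCY | ACCESS | DELETE | REVOKE-CONSENT


@dataclass
class Response:
    request_id: str
    status: str             # GRANTED | DENIED | PARTIAL
    explanation: list       # one human-readable reason per decision taken
    affected: list          # capture ids the decision applies to


def retention_expired(capture: DataCapture, today: date) -> bool:
    return capture.captured_on + timedelta(days=capture.retention_days) < today


def evaluate(request: PrivacyRequest, captures: list, today: date) -> Response:
    """Compute a response plus the reasons for it (the 'explainable' part)."""
    mine = [c for c in captures if c.data_subject == request.data_subject]
    explanation, affected = [], []
    if not mine:
        return Response(request.request_id, "DENIED", ["no captures found for this Data Subject"], [])
    if request.action == "TRANSPARENCY":
        for c in mine:
            explanation.append(f"{c.capture_id}: {c.data_category} held under {c.legal_base}, "
                               f"retained {c.retention_days} days from {c.captured_on}")
        return Response(request.request_id, "GRANTED", explanation, [c.capture_id for c in mine])
    if request.action == "ACCESS":
        explanation.append(f"{len(mine)} capture(s) found for {request.data_subject}")
        return Response(request.request_id, "GRANTED", explanation, [c.capture_id for c in mine])
    if request.action == "REVOKE-CONSENT":
        for c in mine:
            if c.legal_base == "CONSENT" and c.consent_active:
                c.consent_active = False
                affected.append(c.capture_id)
                explanation.append(f"{c.capture_id}: consent revoked")
        if not affected:
            explanation.append("no active consent-based captures to revoke")
        return Response(request.request_id, "GRANTED" if affected else "DENIED", explanation, affected)
    if request.action == "DELETE":
        for c in mine:
            if c.legal_base == "CONSENT":
                affected.append(c.capture_id)
                explanation.append(f"{c.capture_id}: consent-based, erasure granted")
            elif retention_expired(c, today):
                affected.append(c.capture_id)
                explanation.append(f"{c.capture_id}: retention period expired, erasure granted")
            else:
                until = c.captured_on + timedelta(days=c.retention_days)
                explanation.append(f"{c.capture_id}: held under {c.legal_base} until {until}, erasure denied")
        if len(affected) == len(mine):
            status = "GRANTED"
        elif affected:
            status = "PARTIAL"
        else:
            status = "DENIED"
        return Response(request.request_id, status, explanation, affected)
    raise ValueError(f"unknown action {request.action}")


def record_decision(trace: list, response: Response) -> dict:
    """Append the decision to a hash-chained trace so later edits are detectable."""
    prev = trace[-1]["entry_hash"] if trace else "0" * 64
    body = {"request_id": response.request_id, "status": response.status,
            "explanation": response.explanation, "affected": response.affected, "prev_hash": prev}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    entry = dict(body, entry_hash=digest)
    trace.append(entry)
    return entry


def verify_trace(trace: list) -> bool:
    """Recompute every hash and link; False if any entry was altered or reordered."""
    prev = "0" * 64
    for entry in trace:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body["prev_hash"] != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def sample_captures() -> list:
    """Constructed sample metadata, fresh on each call because REVOKE-CONSENT mutates it."""
    return [
        DataCapture("cap-1", "alice", "CONTACT.EMAIL", "CONSENT", date(2022, 1, 10), 365),
        DataCapture("cap-2", "alice", "FINANCIAL.INVOICE", "CONTRACT", date(2022, 3, 1), 3650),
        DataCapture("cap-3", "alice", "BEHAVIOUR.ANALYTICS", "LEGITIMATE-INTEREST", date(2021, 1, 1), 180),
        DataCapture("cap-4", "bob", "CONTACT.EMAIL", "CONSENT", date(2022, 5, 5), 365),
    ]


if __name__ == "__main__":
    captures, trace = sample_captures(), []
    for action in ("TRANSPARENCY", "DELETE", "REVOKE-CONSENT"):
        resp = evaluate(PrivacyRequest(f"req-{action}", "alice", action), captures, TODAY)
        record_decision(trace, resp)
        print(resp.status, resp.explanation)
    print("trace intact:", verify_trace(trace))
```

For the constructed data, alice's DELETE request comes back PARTIAL: the consent-based email and the expired analytics record are erased, while the invoice stays because the CONTRACT legal base keeps it within its retention period, and the explanation says exactly that for each capture. Tampering with any recorded status afterwards makes `verify_trace` return False.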

Storage elements of the architecture (Storage SDK, Storage API, and Cloud Storage) are responsible for storing the data.

Identity elements of the architecture (Identity SDK, Identity API, and Identity Storage) are responsible for creating and managing Users of the blindnet devkit (e.g., Data Subjects, Data Consumers, etc.).
