[midPoint] Blog: Introducing MidPrivacy Initiative
Radovan Semancik
radovan.semancik at evolveum.com
Wed Apr 22 15:57:55 CEST 2020
Dear midPoint community,
Ladies and gentlemen, please welcome midPrivacy
<https://docs.evolveum.com/midpoint/midprivacy/>, our data protection
initiative. Identity management and data protection go hand in hand, one
cannot really reach its full potential without the other. However, most
identity management systems were a bit short on the data protection
side. Therefore we have decided that it is the right time to do
something about it.
MidPoint is a second-generation identity management platform. Unlike
most IDM systems designed in the 2000s, midPoint was designed with data
protection in mind. We know quite well that data protection is not just
the legal requirement, it is the right thing to do. We have been
experimenting with some data protection prototypes in 2017 during the
GDPR countdown, hoping that the industry will pick up data protection
features. It looks like we were a bit early with that. However, we think
that /now/ is the right time to roll it out.
Even though we have been working on data protection for some time, we
have figured that it is the right time to give this initiative a name
and visibility. /MidPrivacy/ aims at turning midPoint into a
/privacy-enhancing/ identity management platform. This is obviously a
long-term goal that has to be divided into smaller steps.
The first step of the midPrivacy initiative is the implementation of data
provenance
<https://docs.evolveum.com/midpoint/midprivacy/phases/01-data-provenance-prototype/>
features. Simply speaking, data provenance is about knowing the origin
of data. We need to know where the data came from and how they were
processed. This can give us indication whether the data were processed
in accord with the policies or whether we have no right to process the
data and they should be erased. Data provenance is essential for
accountability and transparency of data processing.
But data provenance is much deeper than that. It is also just a first
step, one of the foundation stones of other data protection features. We
plan to extend midPoint functionality in many ways. Data protection is
quite a complex topic, but data protection concepts need to be presented
to ordinary users. Therefore good user experience is quite a challenge.
We would like to tackle data portability issues. A data protection system
needs to be secure and we have already made a lot of effort
<https://evolveum.com/midpoint-went-through-eu-fossa2-bug-bounty/> to
make midPoint secure. But when it comes to security there is always a need
for improvements. We would also like to improve the documentation, make
recommendations, document best practice, provide examples. And of
course, there are really attractive pieces such as “holistic” consent
management.
There is much to do to make this dream a reality. And of course, it all
depends on funding. We will invest part of our profits to fund this
initiative. However, these are strange and difficult times. We have to
look for other opportunities for funding. We are extremely happy that we
were able to secure funding for the data provenance phase of midPrivacy
from the NGI_TRUST program. I would like to express my dearest thanks
to everyone involved in the NGI programs, this made a huge difference
for us. We hope to secure more funding for at least a couple additional
phases of the midPrivacy initiative. But any kind of funding is more than
appreciated. We will be grateful for subscription money, sponsoring or
donations. We strongly believe that data protection and privacy are
worthy goals and we will do our best to achieve them.
This project has received funding from the European Union’s Horizon 2020
research and innovation programme under the NGI_TRUST grant agreement no
825618.
(Reposted from Evolveum blog
<https://evolveum.com/introducing-midprivacy-initiative/>)
--
Radovan Semancik
Software Architect
evolveum.com