Page 29 - Trust in ICT 2017
issue is redaction. This means that one starts with a document that originally includes data of all sensitivity
levels and then removes every piece of information whose sensitivity level is higher than the pre-determined
redaction level. The end result is a redacted version of the initial document that can be presented to a
person/entity holding the matching authorization level. Persons with a lower authorization level are not
authorized to view this particular version of the document. The redaction engine can produce multiple versions
of the initial record, where each version corresponds to one redaction level and includes only material at that
sensitivity level (and lower).
Care must be taken to ensure that only authorized users have access to data. Therefore, the system must
match the redaction level of the data with the authorization level of the requesting actor and present the
proper version of the record to each actor.
[Figure: the data in a record is divided into three bands, "Restricted data", "Moderate data" and "Unrestricted data". The full record goes to a person with full authorization; the record without restricted data goes to a person authorized for moderate data; the record containing only unrestricted data goes to a person authorized only for unrestricted data.]
Figure 4 – An illustration of a process with 2 levels of redaction [113]
The redaction engine may reside at a policy control server or at the application server operated by the M2M
application service provider. The policy server may also hold the policies that determine which users get which
authorization level, while an authorization server may be in charge of authenticating each user and assigning her
the proper authorization level.
In a system relying on notifications based on prior subscriptions, the data must be examined first to determine
which subscribers should receive a notification, and then only those subscribers should be able to retrieve
the data about which the notification is sent.
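The following added example (not code from the Trust in ICT document or from any M2M platform it describes) shows, in Python, the two mechanisms described above: a redaction engine that produces one version of a record per redaction level and hands each actor the version matching her authorization level, and a subscription/notification flow that examines the sensitivity of the data before selecting subscribers and enforces the same check again at retrieval. The three levels, the sample record, the subscribers and all function names are constructed assumptions for illustration; the document itself does not prescribe them.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Sensitivity / authorization levels (assumed ordering; higher = more sensitive)."""
    UNRESTRICTED = 0
    MODERATE = 1
    RESTRICTED = 2


@dataclass(frozen=True)
class Field:
    name: str
    value: str
    sensitivity: Level


@dataclass(frozen=True)
class Subscriber:
    name: str
    authorization: Level


# Constructed sample record: one M2M record whose fields carry mixed sensitivity.
SAMPLE_RECORD = (
    Field("device_id", "sensor-42", Level.UNRESTRICTED),
    Field("temperature", "21.5C", Level.UNRESTRICTED),
    Field("location", "Building B, room 3", Level.MODERATE),
    Field("patient_name", "J. Doe", Level.RESTRICTED),
)

# Constructed sample subscribers with different authorization levels.
SUBSCRIBERS = (
    Subscriber("public-dashboard", Level.UNRESTRICTED),
    Subscriber("facility-manager", Level.MODERATE),
    Subscriber("clinician", Level.RESTRICTED),
)


def redact(record, redaction_level):
    """Keep only fields whose sensitivity is at or below the redaction level."""
    return tuple(f for f in record if f.sensitivity <= redaction_level)


def redacted_versions(record):
    """The redaction engine: one version of the record per redaction level."""
    return {level: redact(record, level) for level in Level}


def version_for(versions, authorization):
    """Select the version whose redaction level matches the actor's authorization.

    The lookup is exact: an actor never receives a version prepared for a higher level.
    """
    return versions[Level(authorization)]


def eligible_subscribers(item_sensitivity, subscribers):
    """Examine the data first: notify only subscribers whose authorization covers it."""
    return [s for s in subscribers if s.authorization >= item_sensitivity]


def retrieve(record, subscriber, field_name):
    """Retrieval re-applies the rule used for notification.

    A subscriber who was not notified (or who forges a request) still cannot
    read a field above her authorization level.
    """
    for f in record:
        if f.name == field_name:
            if subscriber.authorization < f.sensitivity:
                raise PermissionError(
                    f"{subscriber.name} (level {subscriber.authorization.name}) "
                    f"is not authorized for field {field_name!r}"
                )
            return f.value
    raise KeyError(field_name)


if __name__ == "__main__":
    versions = redacted_versions(SAMPLE_RECORD)
    for level, version in versions.items():
        print(level.name, [f.name for f in version])
    # A change to the MODERATE-level 'location' field: who gets notified?
    print([s.name for s in eligible_subscribers(Level.MODERATE, SUBSCRIBERS)])
```

The selection in `version_for` deliberately uses an exact match rather than "highest version the actor may see", so that a mis-assigned authorization value can only yield a version that was actually prepared for that level; the check in `retrieve` mirrors `eligible_subscribers` so that the notification step and the retrieval step cannot drift apart.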