Privacy in Service Oriented Architectures: SOA Boundary Identity Masking for Enterprises

Sensitive data is increasingly proliferating due to outsourcing, application service provisioning, cloud computing and so on. The control of such data is increasingly crucial for enterprises, because of regulatory scrutiny, data privacy concerns, and so on. One approach to confine storing and processing sensitive data is our Boundary Identity Masking approach [1], in which a key-value token substitution ensures that sensitive data in its clear-text representation is available only within a well-defined boundary. However, the governance of these boundaries and substitution rules is not defined in [1]. This paper introduces a model for defining boundaries for sensitive data in the context of an enterprise. Next, the paper describes how to govern data privacy of services given the boundary model and a Service Oriented Architecture (SOA). Furthermore, we describe how the data structures of our Boundary Identity Masking approach are governed at an enterprise level. This addresses the scaling of our approach with respect to a large number of services and many boundaries.