The reviewed record of science sign in
Pith

arxiv: 2203.09903 · v1 · pith:CFCSHDGN · submitted 2022-03-18 · cs.CR · cs.CY· cs.DC· cs.SE

Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:CFCSHDGNrecord.jsonopen to challenge →

classification cs.CR cs.CYcs.DCcs.SE
keywords dataminimizationapisjanusconfigurabledata-providinggraphqlimplementing
0
0 comments X
read the original abstract

The purpose of regulatory data minimization obligations is to limit personal data to the absolute minimum necessary for a given context. Beyond the initial data collection, storage, and processing, data minimization is also required for subsequent data releases, as it is the case when data are provided using query-capable Web APIs. Data-providing Web APIs, however, typically lack sophisticated data minimization features, leaving the task open to manual and all too often missing implementations. In this paper, we address the problem of data minimization for data-providing, query-capable Web APIs. Based on a careful analysis of functional and non-functional requirements, we introduce Janus, an easy-to-use, highly configurable solution for implementing legally compliant data minimization in GraphQL Web APIs. Janus provides a rich set of information reduction functionalities that can be configured for different client roles accessing the API. We present a technical proof-of-concept along with experimental measurements that indicate reasonable overheads. Janus is thus a practical solution for implementing GraphQL APIs in line with the regulatory principle of data minimization.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.