dsietz / pbd Goto Github PK

View Code? Open in Web Editor NEW

5.0 4.0 0.0 1.4 MB

Privacy by Design SDK

License: Apache License 2.0

Rust 99.85% HTML 0.15%

rust rust-lang sdk privacy privacy-by-design actix-web best-practices pbd pbd-sdk strategies

pbd's Introduction

Linux:

Privacy by Design (PbD) SDK

For software development teams who implement Privacy by Design practices, this PbD SDK provides enablers to help you easily and transparently applying best practices. Unlike other solutions, this SDK maps directly to the Data Privacy strategies to provide a complete tool kit and saves developers time from having to search, derive, or piece together disparate solutions.

Table of Contents

Privacy by Design (PbD) SDK

What's New

Here's whats new in 0.5.0:

We've made breaking changes in this newest version 0.5.0!

For the following reasons, we have dropped the extractor and middleware functionality for the Data Tracker Chain and Data Usage Agreement features. (Resolves Isses #45, #46, and #49)
- focus on remaining a light-weight and flexible SDK
- incompatibility issues with actix-web version ~4
- High vulnerability found in actix-web version 3.3.3
  - https://rustsec.org/advisories/RUSTSEC-2023-0034
- High vulnerability found in actix-rt version 1.1.1
  - https://rustsec.org/advisories/RUSTSEC-2021-0124
- improved Mean Time To Resolve (MTTR) of issues
NOTE: The examples will still provide demonstration of how to implement these features using actix-web without axtractors or middleware.
Updated regex version to fix security vulnerability
💥 New Feature Introduced the concept of a Data Usage Policy as part of the DUA feature. The DUP provides the extended detail that supports a DUA and implements the FidesLang Taxonomy. (Delivers #50)

Features

Data Usage Agreements (dua)
Data Tracker Chain (dtc)
Data Privacy Inspector (dpi)
Data Security Guard (dsg)

Examples

This SDK comes with the executable examples for each of the features. The code for these examples can be found here.

Data Privacy Inspector

From the command line terminal, start the service using: cargo run --example data-privacy-inspector
Then make the following http request

POST / HTTP/1.1
Host: localhost:8088
Content-Type: plain/text
Content-Length: 610

Dear Aunt Bertha,

I can't believe it has already been 10 years since we moved to back to the Colorado. 
I love Boulder and haven't thought of leaving since. So please don't worry when I tell you that we are moving in less than a week.
We will be upgrading to a larger home on the other side of the city on Peak Crest Lane. 
It have a great view of the mountains and we will have a two car garage.

We will have the same phone number, so you can still reach us. But our new address with be 1345 Peak Crest Lane Boulder, Colorado 125468.

Let us know if you ever want to vist us. 

Sincerely,
Robert

Data Security Guard

From the command line terminal, start the service using: cargo run --example data-security-guard
Then make the following http request

GET / HTTP/1.1
Host: localhost:8088
Content-Type: application/json
Content-Length: 1097

{"encrypted_data":[130,37,248,85,153,227,79,249,207,97,173,90,24,95,190,46],"encrypted_symmetric_key":[50,133,49,31,191,107,92,185,73,215,226,59,30,241,210,149,177,158,166,200,98,86,22,245,251,224,49,239,177,245,236,43,255,190,251,162,47,218,206,2,72,253,181,24,143,32,41,233,13,35,195,225,155,110,95,59,223,209,126,134,218,58,45,97,40,184,148,184,188,141,143,235,131,154,76,1,246,8,19,107,226,71,148,231,196,209,197,85,151,36,203,107,125,168,145,93,57,217,188,71,211,239,3,25,230,27,165,65,191,250,178,21,248,49,70,199,34,91,62,22,5,50,50,180,134,31,137,30,155,215,253,109,46,220,209,218,50,98,194,151,63,8,4,164,100,225,94,122,81,93,130,170,255,168,186,76,251,163,179,250,169,167,52,158,223,187,170,101,66,108,22,153,195,140,203,149,243,129,137,161,246,115,156,87,140,96,163,209,169,244,175,34,150,216,43,234,24,7,220,197,87,65,196,43,230,223,61,7,47,171,193,239,121,46,208,245,161,188,113,49,216,205,147,122,233,136,24,58,157,99,54,188,100,14,19,55,11,218,199,148,3,2,74,148,5,174,155,118,136,64,210,182,101,50,168,74],"nonce":[100,109,70,86,87,48,111,104,67,71,78,54,66,74,114,48],"padding":1}

Data Tracker Chain

From the command line terminal, start the service using: cargo run --example data-tracker-chain
Then make the following http request

GET / HTTP/1.1
Host: localhost:8088
Content-Type: application/json
Data-Tracker-Chain: W3siaWRlbnRpZmllciI6eyJkYXRhX2lkIjoib3JkZXJ+Y2xvdGhpbmd+aVN0b3JlfjE1MTUwIiwiaW5kZXgiOjAsInRpbWVzdGFtcCI6MCwiYWN0b3JfaWQiOiIiLCJwcmV2aW91c19oYXNoIjoiMCJ9LCJoYXNoIjoiMjcyMDgxNjk2NjExNDY0NzczNzI4MDI0OTI2NzkzNzAzMTY3NzgyIiwibm9uY2UiOjV9LHsiaWRlbnRpZmllciI6eyJkYXRhX2lkIjoib3JkZXJ+Y2xvdGhpbmd+aVN0b3JlfjE1MTUwIiwiaW5kZXgiOjEsInRpbWVzdGFtcCI6MTU3ODA3MTIzOSwiYWN0b3JfaWQiOiJub3RpZmllcn5iaWxsaW5nfnJlY2VpcHR+ZW1haWwiLCJwcmV2aW91c19oYXNoIjoiMjcyMDgxNjk2NjExNDY0NzczNzI4MDI0OTI2NzkzNzAzMTY3NzgyIn0sImhhc2giOiI1MDEwNDE0OTcwMTA5ODcwMDYzMjUxMTE0NDEyNTg2NzczNjE5MyIsIm5vbmNlIjo1fV0=

Data Usage Agreement

From the command line terminal, start the service using: cargo run --example data-usage-agreement
Then make the following http request

GET / HTTP/1.1
Host: localhost:8088
Content-Type: application/json
Data-Usage-Agreement: [{"agreement_name":"billing","location":"https://github.com/dsietz/pbd/blob/master/tests/duas/Patient%20Data%20Use%20Agreement.pdf","agreed_dtm": 1553988607}]

About

The intent of the pbd development kit is to enable the implementation of privacy design strategies and tactics by providing the functionality and components for developers to implement best practices in their own software soltuions.

How to Contribute

Details on how to contribute can be found in the CONTRIBUTING file.

License

pbd is primarily distributed under the terms of the Apache License (Version 2.0).

See LICENSE-APACHE "Apache License for details.

pbd's People

Contributors

Stargazers

Watchers

pbd's Issues

Feature to support Fideslang taxonomy

Provide a middleware for Data Tracker Chain

It is helpful to have a middleware that a RESTful service can implement to ensure a Data Tracker Chain is sent in the HTTP header and is a valid chain.

Upgrade actix-rt to 2.x

currently using ~1

PBD modules are not compatible with actix-web 3

Get the following error message when trying to implement a pbd module middleware in a web service using the latest version of actix-web.

example

.wrap(DUAEnforcer::default())

expected struct `actix_web::service::ServiceRequest`, found struct `actix_web::dev::ServiceRequest`

Support the latest version of actix-web 4

Cannot build middleware for DUA

PS C:\workspace\pbd> cargo test --verbose
Fresh cfg-if v0.1.10
Fresh autocfg v0.1.7
Fresh futures v0.1.29
Fresh iovec v0.1.4
Fresh unicode-xid v0.2.0
Fresh lazy_static v1.4.0
Fresh semver-parser v0.7.0
Fresh winapi-build v0.1.1
Fresh cc v1.0.47
Fresh fnv v1.0.6
Fresh slab v0.4.2
Fresh winapi v0.2.8
Fresh scopeguard v1.0.0
Fresh rand_core v0.4.2
Fresh unicode-xid v0.1.0
Fresh matches v0.1.8
Fresh smallvec v1.0.0
Fresh regex-syntax v0.6.12
Fresh ppv-lite86 v0.2.6
Fresh itoa v0.4.4
Fresh rustc-demangle v0.1.16
Fresh percent-encoding v1.0.1
Fresh copyless v0.1.4
Fresh linked-hash-map v0.5.2
Fresh quick-error v1.2.2
Fresh widestring v0.4.0
Fresh percent-encoding v2.1.0
Fresh either v1.5.3
Fresh dtoa v0.4.4
Fresh language-tags v0.2.2
Fresh sha1 v0.6.0
Fresh mime v0.3.14
Fresh json v0.11.15
Fresh actix-service v0.4.2
Fresh semver v0.9.0
Fresh crossbeam-utils v0.6.6
Fresh tokio-sync v0.1.7
Fresh thread_local v0.3.6
Fresh lock_api v0.3.2
Fresh rand_core v0.3.1
Fresh unicode-normalization v0.1.11
Fresh unicode-bidi v0.3.4
Fresh c2-chacha v0.2.3
Fresh lru-cache v0.1.2
Fresh winapi v0.3.8
Fresh libc v0.2.66
Fresh byteorder v1.3.2
Fresh proc-macro2 v1.0.6
Fresh log v0.4.8
Fresh rustc_version v0.2.3
Fresh maybe-uninit v2.0.0
Fresh tokio-executor v0.1.9
Fresh proc-macro2 v0.4.30
Fresh memchr v2.2.1
Fresh rand_isaac v0.1.1
Fresh rand_xorshift v0.1.1
Fresh rand_hc v0.1.0
Fresh getrandom v0.1.13
Fresh idna v0.1.5
Fresh idna v0.2.0
Fresh crc32fast v1.2.0
Fresh bytes v0.4.12
Fresh num_cpus v1.11.1
Fresh net2 v0.2.33
Fresh rand_jitter v0.1.4
Fresh rand_os v0.1.3
Fresh socket2 v0.3.11
Fresh winutil v0.1.1
Fresh winreg v0.6.2
Fresh ryu v1.0.2
Fresh time v0.1.42
Fresh base64 v0.10.1
Fresh httparse v1.3.4
Fresh encoding_rs v0.8.20
Fresh bitflags v1.2.1
Fresh quote v1.0.2
Fresh rand_pcg v0.1.2
Fresh rand_chacha v0.1.1
Fresh num-traits v0.2.10
Fresh indexmap v1.3.0
Fresh smallvec v0.6.13
Fresh ws2_32-sys v0.2.1
Fresh kernel32-sys v0.2.2
Fresh quote v0.6.13
Fresh aho-corasick v0.7.6
Fresh tokio-timer v0.2.12
Fresh tokio-current-thread v0.1.6
Fresh rand_core v0.5.1
Fresh backtrace-sys v0.1.32
Fresh url v1.7.2
Fresh brotli-sys v0.3.2
Fresh miniz-sys v0.1.12
Fresh tokio-io v0.1.12
Fresh threadpool v1.7.1
Fresh http v0.1.21
Fresh string v0.2.1
Fresh url v2.1.0
Fresh hostname v0.1.5
Fresh ipconfig v0.2.1
Fresh syn v1.0.11
Fresh rand v0.6.5
Fresh num-integer v0.1.41
Fresh miow v0.2.1
Fresh syn v0.15.44
Fresh regex v1.3.1
Fresh rand_chacha v0.2.1
Fresh backtrace v0.3.40
Fresh tokio-codec v0.1.1
Fresh brotli2 v0.3.2
Fresh flate2 v1.0.13
Fresh h2 v0.1.26
Fresh parking_lot_core v0.6.2
Fresh mio v0.6.21
Fresh synstructure v0.12.3
Fresh proc-macro-hack v0.5.11
Fresh serde_derive v1.0.103
Fresh resolv-conf v0.6.2
Fresh chrono v0.4.10
Fresh actix-web-codegen v0.1.3
Fresh derive_more v0.99.2
Fresh derive_more v0.15.0
Fresh rand v0.7.2
Fresh enum-as-inner v0.2.1
Fresh actix-codec v0.1.2
Fresh parking_lot v0.9.0
Fresh failure_derive v0.1.6
Fresh serde v1.0.103
Fresh tokio-reactor v0.1.11
Fresh actix-threadpool v0.1.2
Fresh failure v0.1.6
Fresh const-random-macro v0.1.6
Fresh actix-utils v0.4.7
Fresh serde_urlencoded v0.6.1
Fresh serde_json v1.0.42
Fresh actix-router v0.1.5
Fresh tokio-tcp v0.1.3
Fresh actix-rt v0.2.6
Fresh tokio-udp v0.1.5
Fresh const-random v0.1.6
Fresh tokio-signal v0.2.7
Fresh trust-dns-proto v0.7.4
Fresh actix-server-config v0.1.2
Fresh ahash v0.2.18
Fresh trust-dns-resolver v0.11.1
Fresh hashbrown v0.6.3
Fresh actix-server v0.6.1
Fresh actix-connect v0.2.5
Fresh actix-testing v0.1.0
Fresh actix-http v0.2.11
Fresh awc v0.2.8
Fresh actix-web v1.0.9
Compiling pbd v0.0.5 (C:\workspace\pbd)
Running rustc --edition=2018 --crate-name pbd src/lib.rs --color always --emit=dep-info,link -C debuginfo=2 --test --cfg "feature=\"actix-service\"" --cfg "feature=\"actix-web\"" --cfg "feature=\"default\"" --cfg "feature=\"dua\"" --cfg "feature=\"futures\"" -C metadata=0667f0ee1fa84130 -C extra-filename=-0667f0ee1fa84130 --out-dir C:\workspace\pbd\target\debug\deps -C incremental=C:\workspace\pbd\target\debug\incremental -L dependency=C:\workspace\pbd\target\debug\deps --extern actix_service=C:\workspace\pbd\target\debug\deps\libactix_service-1dcfc6ec16eb3f49.rlib --extern actix_web=C:\workspace\pbd\target\debug\deps\libactix_web-466a7ba96850b333.rlib --extern derive_more=C:\workspace\pbd\target\debug\deps\derive_more-5cb3f38138626b63.dll --extern futures=C:\workspace\pbd\target\debug\deps\libfutures-f1ccab95d45bb78a.rlib --extern json=C:\workspace\pbd\target\debug\deps\libjson-6278b4686ad762e5.rlib --extern log=C:\workspace\pbd\target\debug\deps\liblog-2582979dc0b6c114.rlib --extern serde=C:\workspace\pbd\target\debug\deps\libserde-9372dbb0aae3bab4.rlib --extern serde_derive=C:\workspace\pbd\target\debug\deps\serde_derive-41e331770bc6a48a.dll --extern serde_json=C:\workspace\pbd\target\debug\deps\libserde_json-8b1b54242e35e92c.rlib -L native=C:\workspace\pbd\target\debug\build\brotli-sys-5585bc576321d369\out -L native=C:\workspace\pbd\target\debug\build\miniz-sys-fc0859ff5c24974e\out
error[E0277]: the trait bound dua::middleware::actix::DUAEnforcer: dua::extractor::actix_service::IntoTransform<_, dua::extractor::actix_web::app_service::AppRouting> is not satisfied
--> src\dua\middleware\actix.rs:115:19
|
115 | .wrap(DUAEnforcer)
| ^^^^^^^^^^^ the trait dua::extractor::actix_service::IntoTransform<_, dua::extractor::actix_web::app_service::AppRouting> is not implemented for dua::middleware::actix::DUAEnforcer

error: aborting due to previous error

For more information about this error, try rustc --explain E0277.
error: could not compile pbd.

Caused by:
process didn't exit successfully: rustc --edition=2018 --crate-name pbd src/lib.rs --color always --emit=dep-info,link -C debuginfo=2 --test --cfg "feature=\"actix-service\"" --cfg "feature=\"actix-web\"" --cfg "feature=\"default\"" --cfg "feature=\"dua\"" --cfg "feature=\"futures\"" -C metadata=0667f0ee1fa84130 -C extra-filename=-0667f0ee1fa84130 --out-dir C:\workspace\pbd\target\debug\deps -C incremental=C:\workspace\pbd\target\debug\incremental -L dependency=C:\workspace\pbd\target\debug\deps --extern actix_service=C:\workspace\pbd\target\debug\deps\libactix_service-1dcfc6ec16eb3f49.rlib --extern actix_web=C:\workspace\pbd\target\debug\deps\libactix_web-466a7ba96850b333.rlib --extern derive_more=C:\workspace\pbd\target\debug\deps\derive_more-5cb3f38138626b63.dll --extern futures=C:\workspace\pbd\target\debug\deps\libfutures-f1ccab95d45bb78a.rlib --extern json=C:\workspace\pbd\target\debug\deps\libjson-6278b4686ad762e5.rlib --extern log=C:\workspace\pbd\target\debug\deps\liblog-2582979dc0b6c114.rlib --extern serde=C:\workspace\pbd\target\debug\deps\libserde-9372dbb0aae3bab4.rlib --extern serde_derive=C:\workspace\pbd\target\debug\deps\serde_derive-41e331770bc6a48a.dll --extern serde_json=C:\workspace\pbd\target\debug\deps\libserde_json-8b1b54242e35e92c.rlib -L native=C:\workspace\pbd\target\debug\build\brotli-sys-5585bc576321d369\out -L native=C:\workspace\pbd\target\debug\build\miniz-sys-fc0859ff5c24974e\out (exit code: 1)

Have DUA Middleware validate DUAs

Have the middleware validate the DUAs in the HTTP header

Upgrade to actix-service 2.0

Currently using version ^1

migrate to the latest actix releases

actix-web
actix-service

implement actix-web extractor for dtc

Convert DUA functions to an actix-web middleware

Reference Actix Web documentation for building Middleware
https://actix.rs/docs/middleware/

Add actix-web Extractor Data Usage Agreement from the HttpRequest

Add digital signature to DUA

Consider using https://crates.io/crates/ring

Add the Data Security Guard feature

Add functionality that will secure data for transfer and make it readable on the other side.

implement automated CI/CD

Data Tracker Chain - MarkerChain

Add a new module that manages Data Tracking using the blockchain model.

privacy design strategies and tactics link is broken

The link privacy design strategies and tactics in the pbd lib documentation is broken.

Design the Micro Privacy Agreement Object that the Data Usage Agreement references.

The Micro Privacy Agreement is currently a written legal agreement (e.g.: PDF) that the software developer has to interoperate. By treating it as an object with child objects we can convert it into a programmatic configuration object.
Micro Privacy Agreement
-> UID
-> Version
-> Data Life Cycle
----> Collection
----> Use
----> Disclosure
----> Retention
----> Destruction
-> Symbol
----> icon (.png)
-> Legal Document
----> pdf
-> Data Classification
----> confidential, PII, NPPI, PCI, restricted
-> FAIR Risk Level
----> Frequency
----> Magnitude
-> Related Data Fields (array)
----> Field
--------> Field ID (e.g.: 100010)
--------> Field Name (First Name)

Improve DTC - previous hash should be part of MarkerIdnetifier

The previous hash in the Marker should be located in the MarkerIdentifier so it is part of the hash for the current block.

Resolve Deprecated warnings in the Error traits

Resolve the Deprecated warnings in the following traits:

pbd::dpi::error::Error
pbd::dsg::error::Error
pbd::dtc::error::Error
pbd::dua::error::Error

The impacted methods are the following:

description(&self) -> &str
Deprecated since 1.42.0: use the Display impl or to_string()
cause(&self) -> Option<&dyn Error>
Deprecated since 1.33.0: replaced by Error::source, which can support downcasting