D4.1 Security and privacy aspects for the mF2C Gearbox block (IT-1) (M6)


Deliverable D3.1 describes a security policy that defines three data protection levels: Public, Protected, and Private. Protected provides integrity protection and Private provides both integrity and confidentiality. This deliverable, D4.1, describes the application of this policy to the mF2C use cases, first by identifying two generic patterns in the use cases and then by going through the specifics of each use case individually. We provide a brief analysis of each use case (UC), with details in the Annexes, and highlight the implications for the Platform Manager (PM), whose responsibilities were listed in D2.6.

The analysis of the UCs shows that additional features are desirable, and we list and prioritise them. Message delivery options – how hard the system should try to push a message through – and prioritisation of messages are highlighted as important; the ability to select alternative routes is interesting and should be investigated. In addition, message origin authentication is important for Protected data: it is not enough to assert the integrity of the message; the recipient must also learn who asserted that integrity (and/or who sent the message – these are usually the same entity).

The analysis further shows that we need rules for processing Private data: while Private data is by definition (see D3.1 section 2) owned by an individual, processing Private data owned by two or more individuals does not necessarily mean they will share it; rather, the ownership of the result would by default be the intersection of their access control lists (which would likely be empty). There is a need to define rules for when data has been sufficiently anonymised, or when a situation such as an emergency allows normal access control to be overruled. This is likely to be an automated process, so we need a means to define a policy and ruleset for determining the ownership, in particular in a way that does not surprise the original owner of the data but offers a level of transparency (and perhaps incentive). This is one of the core security targets for the policy feature of the PM.
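The two rules summarised above, origin authentication for Protected data and the default ownership rule for data derived from several owners' Private data, are illustrated in the following added example. It is written for this page and is not mF2C project code; the key registry, key ids, principal names and the emergency responder list are constructed assumptions, and the confidentiality half of the Private level (encryption) is left out because the deliverable does not fix a mechanism for it. The message tag binds the protection level and the origin's key id into the MAC input, so a verifier learns who asserted integrity, not merely that it holds; the derived-data rule returns the intersection of the input ACLs, widened only by an anonymisation decision or an emergency override.

```python
# Added example for this page (not mF2C code). Keys, ids and principals are constructed.
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, Optional, Tuple


class Level(Enum):
    PUBLIC = "public"          # no protection
    PROTECTED = "protected"    # integrity (here: integrity plus origin) protection
    PRIVATE = "private"        # integrity and confidentiality; encryption omitted here


# Constructed registry of per-origin MAC keys. A real deployment would use a
# key store or certificates; the registry is an assumption for the example.
MAC_KEYS = {
    "sensor-17": b"constructed-key-for-sensor-17",
    "gateway-a": b"constructed-key-for-gateway-a",
}


def _mac_input(level: Level, origin: str, payload: bytes) -> bytes:
    # Bind the level and the asserting origin into the MAC input, so neither
    # can be swapped on a captured message without invalidating the tag.
    return level.value.encode() + b"|" + origin.encode() + b"|" + payload


def protect(level: Level, origin: str, payload: bytes) -> dict:
    """Wrap a payload. Protected and Private messages carry a tag computed
    under the origin's key, so the verifier learns who asserted integrity."""
    msg = {"level": level.value, "payload": payload}
    if level is not Level.PUBLIC:
        tag = hmac.new(MAC_KEYS[origin], _mac_input(level, origin, payload),
                       hashlib.sha256).hexdigest()
        msg.update(origin=origin, tag=tag)
    return msg


def verify_origin(msg: dict) -> Optional[str]:
    """Return the authenticated origin, or None if the message asserts no
    origin (Public), names an unknown key, or fails the integrity check."""
    if msg["level"] == Level.PUBLIC.value:
        return None
    origin = msg.get("origin", "")
    key = MAC_KEYS.get(origin)
    if key is None:
        return None
    expected = hmac.new(key, _mac_input(Level(msg["level"]), origin, msg["payload"]),
                        hashlib.sha256).hexdigest()
    return origin if hmac.compare_digest(expected, msg.get("tag", "")) else None


@dataclass(frozen=True)
class PrivateData:
    owner: str
    acl: frozenset   # principals permitted to read this item


def derived_access(inputs: Iterable[PrivateData], *, anonymised: bool = False,
                   emergency_responders: Iterable[str] = ()) -> Tuple[Level, frozenset]:
    """Access rule for data derived from several owners' Private data.

    Default: the intersection of the input ACLs (often empty). Output judged
    sufficiently anonymised becomes Public with no ACL. An emergency adds an
    assumed responder list to whatever the default rule allows.
    """
    if anonymised:
        return Level.PUBLIC, frozenset()
    acls = [d.acl for d in inputs]
    acl = frozenset.intersection(*acls) if acls else frozenset()
    return Level.PRIVATE, acl | frozenset(emergency_responders)


if __name__ == "__main__":
    # Constructed sample: two patients sharing one clinician in their ACLs.
    alice = PrivateData("alice", frozenset({"alice", "doctor-1"}))
    bob = PrivateData("bob", frozenset({"bob", "doctor-1"}))
    print(derived_access([alice, bob]))                      # doctor-1 only
    print(derived_access([alice, bob], anonymised=True))     # Public
    m = protect(Level.PROTECTED, "sensor-17", b"temp=21.5")
    print(verify_origin(m))                                  # sensor-17
    print(verify_origin(dict(m, origin="gateway-a")))        # None: origin swapped
```

The emergency override widens the ACL rather than replacing it, so the original owners and their permitted readers keep access; the decision that output is "sufficiently anonymised" is passed in as a flag because that judgement is exactly the ruleset the deliverable says the PM policy feature still has to define.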