Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

This content is only valid for DAS 3.2.0.


WSO2 Data Analytics Server is evaluated for the General Data Protection Regulation(GDPR) requirement - Right to be forgotten. The primary focus is to implement the right to be forgotten concept without affecting the core logic of the system.

Right to be forgotten

In WSO2 DAS, event streams specify the schema for events to be selected into the DAS event flow to be processed. This schema can include user IDs and other information that you want to be hidden when DAS persists events for batch analytics.  This can be done via the Forget-me Tool.

To demonstrate this, consider an example where there are two streams as given below.

Stream NameAttribute List
org.wso2.gdpr.students
  • username
  • email
  • dateOfBirth
org.wso2.gdpr.students.marks
  • username
  • marks

In the above streams, the user name, email and the date of birth are considered PII (Personally Identifiable Information) that need to be hidden. To do this, follow the steps given below.

Step 1: Configure the streams.json file

In order to identify the streams and the stream attributes with PII, you need to create this file with definitions of the relevant streams and each attribute that contains PII (Personally Identifiable Information). This file must be placed in the <DAS_HOME>/repository/components/tools/identity-anonymization-tool-x.x.x/conf/streams directory. 

The following is the sample streams.json file for this scenario.

{
    "streams": [
        {
            "streamName": "org.wso2.gdpr.students",
            "attributes": ["username", "email", "dateOfBirth"],
            "id": "username"
        },
        {
            "streamName": "org.wso2.gdpr.students.marks",
            "attributes": ["username"],
            "id": "username"
        }
    ]
}

This file must include the following information as shown in the sample above:

The above configuration includes the following:

  • Stream Name: The name of the stream.
  • Attributes: The list of attributes that contain PII.
  • id: The ID attribute that needs to be replaced with the value of pseudonym argument when executing the tool.

Step 2: Configure the config.json file

In order to identify the streams and the stream attributes with PII, you need to create this file with definitions of the relevant streams and each attribute that contains PII (Personally Identifiable Information). This file must be placed in the <DAS_HOME>/repository/components/tools/identity-anonymization-tool-x.x.x/conf directory. 

The analytics-streams processor needs to be added to the configuration file of the Forget-Me tool as shown on the sample below.

{
    "processors": [
        "analytics-streams"
    ],
    "directories": [
        {
            "dir": "analytics-streams",
            "type": "analytics-streams",
            "processor": "analytics-streams"
        }
    ]
}

Step 3: Execute the Forget-me tool

To execute the Forget-me tool, issue the following command pointing to the <DAS_HOME> directory.

forget-me -U <USERNAME> -d <CONF_DIR> -carbon <DAS_HOME>

In addition to the above, you can also delete references to deleted user information of WSO2 DAS via the Forget-me tool. For detailed information, see WSO2 Administration Guide - Removing References to Deleted User Identities in WSO2 Products.

The following is the complete of properties that can be used with the Forget-me tool.

Command Line OptionDescriptionRequiredSample Value
UThe name of the user whose identity references you want to remove.Yes-U john.doe
dThe configuration directory to use when the tool is run.
If you do not specify a value for this option, the <DAS_HOME>/repository/components/tools/identity-anonymization-tool-x.x.x/conf directory (which is the default configuration directory of the tool) is used.		No-d <TOOL_HOME>/conf
T

The tenant domain of the user whose identity references you want to remove.

If you specify a tenant domain via this option, use the TID option to specify the ID of which the references must be removed.

No

-T acme-company

The default value is carbon.super

TID

The tenant ID of the user whose identity references you want to remove.

It is required to specify a tenant ID if you have specified a tenant domain via the TID option.

No-TID 2346
DThe user store domain name of the user whose identity references you want to remove.No

-D Finance-Domain

The default value is PRIMARY.

puThe pseudonym with which the user name of the user whose identity references you want to remove should be replaced. If you do not specify a pseudonym when you run the tool, a random UUID value is generated as the pseudonym by default.No

-pu “123-343-435-545-dfd-4”

carbon

The CARBON HOME. This should be replaced with the variable $CARBON_HOME in directories configured in the main configuration file.

No-carbon “/usr/bin/wso2das/wso2das3.2.0
  • No labels
Unknown macro: {next_previous_links2}