Future Considerations

Security

Given that the requests concern the entirety of a person's personal information within an organisation, the Open Data Rights API must be secure without question. To support continuous guarantees on security, practices need to be established in this area.

Firstly, the security of the current proposal must be demonstrated. Correspondingly, we strongly encourage a security audit to be completed in the near future. We consider this essential before a definitive v1 release is made. After completion, the findings should be incorporated into the further development process. Furthermore, continuous security audits should be a regular staple of that process.

Secondly, a process needs to be established through which critical vulnerabilities can be (confidentially) received and addressed within the shortest possible time frame. For serious security issues, this goes beyond a GitHub issues checklist. Secure infrastructure for this communication must be set up and monitored. Additionally, people must be made available to verify and remediate reported issues.

Thirdly, common implementations on both the front-end and the back-end should be regularly tested and scrutinised for implementation or security faults. We encourage the Data Rights API to take responsibility not only for the specification, but for implementations as well. These practices should increase the security of the ecosystem at large.
