Skip to content
/ purpl Public
forked from PEngG7/purpl

gRPC interceptor for purpose limitation and data minimisation using JWTs

link.springer.com/chapter/10.1007/978-3-031-62362-2_15
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PrivacyEngineering/purpl

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
purpl.png
purpl.png
 
 
purposelimiter.go
purposelimiter.go
 
 

Repository files navigation

This Go module implements a server-side gRPC interceptor designed for purpose-limiting data minimization, ensuring that only the necessary data as dictated by a JWT policy is exposed to service consumers. It dynamically modifies the gRPC response based on the permissions and data handling rules (allowed, generalized, noised, reduced) specified in the JWT claims. This approach enhances privacy by applying differential privacy techniques, generalizing, reducing, or suppressing fields as required. The interceptor leverages RSA public keys for JWT validation, ensuring secure and trustworthy communication.

Citation

To cite the the paper in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024), use the following BibTeX entry:

@inproceedings{10.1007/978-3-031-62362-2_15,
	title        = {Hook-in Privacy Techniques for gRPC-Based Microservice Communication},
	author       = {Loechel, Louis and Akbayin, Siar-Remzi and Gr{\"u}newald, Elias and Kiesel, Jannis and Strelnikova, Inga and Janke, Thomas and Pallas, Frank},
	year         = 2024,
	booktitle    = {Web Engineering},
	publisher    = {Springer Nature Switzerland},
	address      = {Cham},
	pages        = {215--229},
	isbn         = {978-3-031-62362-2},
	editor       = {Stefanidis, Kostas and Syst{\"a}, Kari and Matera, Maristella and Heil, Sebastian and Kondylakis, Haridimos and Quintarelli, Elisa}
}

purpl: PURPose Limitation

To use this Go module run:

go get -u github.com/louisloechel/purpl

and add this imprt statement to yout Go file:

import (purposelimiter "github.com/louisloechel/purpl")

Usage

The interceptor is called when starting a grpc Server & takes the path to the public key as an argument.

The public key is used to verify the signature of the token.

The token is expected to be a JWT in the metadata of the grpc request.

// path to public key
keyPath := "server/key.pem"

s := grpc.NewServer(
		grpc.UnaryInterceptor(purposelimiter.UnaryServerInterceptor(keyPath)), 
)

JWT generation

For JWT generation use the purpl-jwt-go-rsa or purpl-jwt-go-ecdsa libraries.

Examples

About

gRPC interceptor for purpose limitation and data minimisation using JWTs

link.springer.com/chapter/10.1007/978-3-031-62362-2_15

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Go 100.0%