Add a configurable driver option to add the [is-sensitive="true"] to attributes automatically

Idea ID 2802336

Add a configurable driver option to add the [is-sensitive="true"] to attributes automatically

Add a configurable method to flag attributes as 'is-sensitive' at the driver/shim level before they enter the input or output flow. Currently this can be managed in policy by adding the setting to a given attribute at any point in the channel processing. The initial input of these attributes will still be visible in a level 3 trace before a policy can be applied. It also does not cover attributes that may be returned in response to out of band queries. This can result in sensitive information being made visible in the driver traces at any point. With the growing number of items that are considered sensitive for personal information (Social Insurance Number, Birth Date, etc.) there can be a need to add additional protection to data included in traces, besides the defaults of passwords and encrypted attributes. Having this type of configurable ability would also allow the option to flag octet type attributes, with long values variables, as sensitive to hide them from traces. This can clean up traces that currently have long strings of base-64 encoded data which usually is just a waste of file space.

Wondering if this could be implemented as an extension to the Driver Filter, by adding an option to identify attributes that are to be treated as sensitive, or maybe by adding a new resource object that lists the attributes to be flagged as sensitive. The driver would consume the configuration on startup and pass the information, after translation through the schema map, to a remote loader/driver shim to the connected system so that attributes from the connected application are also returned with the sensitive flag set as well. Maybe just an extension to the Schema Map to flag the selected mapped attributes as sensitive, could cover both vault and application.

1 Comment
Super Contributor.
Super Contributor.

Driver filter option would be most welcome!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.