
gRPC interceptor for purpose limitation and data minimisation using JWTs


PrivacyEngineering/purpl

 
 


This Go module implements a server-side gRPC interceptor for purpose-limited data minimization: only the data that a JWT policy permits is exposed to service consumers. It modifies the gRPC response at runtime according to the permissions and data handling rules (allowed, generalized, noised, reduced) specified in the JWT claims. This enhances privacy by applying differential privacy techniques and by generalizing, reducing, or suppressing fields as required. The interceptor validates JWTs with RSA public keys.

Citation

To cite the paper in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024), use the following BibTeX entry:

```bibtex
@inproceedings{10.1007/978-3-031-62362-2_15,
	title        = {Hook-in Privacy Techniques for gRPC-Based Microservice Communication},
	author       = {Loechel, Louis and Akbayin, Siar-Remzi and Gr{\"u}newald, Elias and Kiesel, Jannis and Strelnikova, Inga and Janke, Thomas and Pallas, Frank},
	year         = 2024,
	booktitle    = {Web Engineering},
	publisher    = {Springer Nature Switzerland},
	address      = {Cham},
	pages        = {215--229},
	isbn         = {978-3-031-62362-2},
	editor       = {Stefanidis, Kostas and Syst{\"a}, Kari and Matera, Maristella and Heil, Sebastian and Kondylakis, Haridimos and Quintarelli, Elisa}
}
```

purpl: PURPose Limitation

To use this Go module, run:

```bash
go get -u github.com/louisloechel/purpl
```

and add this import statement to your Go file:

```go
import purposelimiter "github.com/louisloechel/purpl"
```

Usage

The interceptor is registered when starting a gRPC server and takes the path to the public key as an argument.

The public key is used to verify the signature of the token.

The token is expected to be a JWT in the metadata of the gRPC request.

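```go
// Path to the public key used to verify the JWT signature.
keyPath := "server/key.pem"

// Register the purpl interceptor as the server's unary interceptor.
s := grpc.NewServer(
	grpc.UnaryInterceptor(purposelimiter.UnaryServerInterceptor(keyPath)),
)
```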
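The field-level rules described in the introduction (allowed, generalized, noised, reduced, everything else suppressed), sketched as an added example that is not purpl's own code. The `Policy` layout, the bucket-by-10 and 3-character-prefix rules, and the `map[string]any` stand-in for a protobuf response are assumptions of this example; the policy is taken to come from a JWT whose signature has already been verified.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Policy mirrors the four rule classes the README names. The layout is an
// assumption of this example, not purpl's actual claim schema.
type Policy struct{ Allowed, Generalized, Noised, Reduced []string }

// Laplace returns a sampler for Laplace(0, b) noise, b = sensitivity/epsilon.
// The difference of two Exp(1) draws is Laplace(0, 1).
func Laplace(r *rand.Rand, b float64) func() float64 {
	return func() float64 { return b * (r.ExpFloat64() - r.ExpFloat64()) }
}

// Minimise builds the response from an empty map, so a field that no rule
// names is suppressed (default deny) rather than leaked.
func Minimise(resp map[string]any, p Policy, noise func() float64) map[string]any {
	out := map[string]any{}
	for _, f := range p.Allowed { // runs first: a stricter rule below overwrites it
		if v, ok := resp[f]; ok {
			out[f] = v
		}
	}
	for _, f := range p.Generalized { // assumed rule: bucket integers by 10
		if n, ok := resp[f].(int); ok {
			out[f] = n / 10 * 10
		}
	}
	for _, f := range p.Noised { // float64 fields only; other types stay out
		if x, ok := resp[f].(float64); ok {
			out[f] = x + noise()
		}
	}
	for _, f := range p.Reduced { // assumed rule: 3-byte prefix of longer strings
		if s, ok := resp[f].(string); ok && len(s) > 3 {
			out[f] = s[:3]
		}
	}
	return out
}

func main() {
	// Constructed sample data; the fixed seed is for a reproducible demo only.
	resp := map[string]any{"name": "Ada", "age": 37, "salary": 5200.0, "zip": "10623", "ssn": "000-00-0000"}
	p := Policy{Allowed: []string{"name"}, Generalized: []string{"age"}, Noised: []string{"salary"}, Reduced: []string{"zip"}}
	fmt.Println(Minimise(resp, p, Laplace(rand.New(rand.NewSource(1)), 10)))
}
```

The noise source is injected so the transformation can be tested deterministically; noise drawn from a predictable generator can be subtracted by anyone who knows the seed.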

JWT generation

For JWT generation use the purpl-jwt-go-rsa or purpl-jwt-go-ecdsa libraries.

Examples
