Abstract

A method and system for performing dynamic field-level access control in streaming data systems includes receiving a streaming data event comprising a plurality of fields and an associated data access request from a consumer, and determining attributes and context associated with the consumer including role information, trust relationships, and runtime conditions. The method includes accessing a predefined typed-edge authorization graph comprising nodes representing consumers, fields, attributes, and context, and typed edges defining access evaluation rules wherein each edge type independently defines how access is judged. For each field, the method includes determining whether a valid authorization path exists by traversing the graph from the consumer towards the field and applying edge-based conditions along the path, generating field-level access decisions, filtering the streaming data event by removing or masking fields for which access is denied, and providing the filtered streaming data event to the consumer in real time.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Share

COinS