Usage policy: time restricted

Owned by Vineet Singh
May 06, 2021
2 min read

Objectives

To write down the requirement for implementation of a new usage policy class which restricts the usage of data beyond a certain period of time or number of attempts.

User story

A lot of data shared in the agriculture domain is valid for a period of time. One of the use cases being tried out next season (starting June 2021) in the wheat value chain is to send out customized advisory based on soil parameters and climatic conditions. The advisory is different and generated periodically. The data about the farmers that captures farm level activity also keeps getting updated by field workers periodically.

The data providers need following safeguards when sharing data:

  1. Avoid inadvertent use of old data which is considered invalid or stale

  2. Security concerns of data being available in future to create some model that competes with their business

Technical Requirement

  1. Data when shared from a provider connector to a consumer connector is accessible to a containerized application in the consumer connector verified by the SHA256 hash

    1. This part is already done in the previous implementation

  2. Data is only available in memory to avoid getting on disk for the required time as specified by the usage policy thereby achieving a level of obfuscation

  3. After the passage of time as specified in the usage policy:

    1. Data is expunged from the memory

    2. If new data is available from provider side it is available

    3. Data consumer is required to request for new data if not available

  4. The policy class is generic in nature but requires:

    1. Specification of time again when new data is shared after the time has elapsed

    2. Specification of time to happen through a GUI

  5. If the connector/machine at provider or consumer end restarts, the data in memory is lost and the data connection is to be established again

    1. Once the connectors are restarted the data transfer should start taking place if the usage policy has not changed

    2. This maybe a problem if the data is used for monetary transaction as the state is lost

Questions

  • The first requirement is part of the already implemented usage policy. Can the usage policy class of restricting usage for a time period be done without the usage policy class that it is to be used by containerized application?

  • What is the web sequence diagram for implementing a usage policy for time based restriction?