ballerina/privacy module

Module overview

The privacy module acts as the foundation for making Ballerina a privacy-aware programming language. It provides the utility functions required for pseudonymization, de-pseudonymization, and deletion of Personally Identifiable Information (PII).

The pseudonymize function issues a pseudonymized identifier for a provided PII value and stores the actual value in the selected pluggable PII store. The issued identifier can then be used in place of the PII in other locations. The depseudonymize function returns the actual PII value when given the pseudonymized identifier, and the delete function removes the PII from the store.

Samples

import ballerina/h2;
import ballerina/io;
import ballerina/privacy;
import ballerina/sql;

h2:Client testDB = new({
    path: "./H2PIIStore/",
    name: "TestDBH2",
    username: "SA",
    password: "",
    poolOptions: { maximumPoolSize: 1 }
});

final string TABLE_NAME = "PII_STORE";
final string ID_COLUMN = "id";
final string PII_COLUMN = "pii";

public function main(string pii) returns error? {
    // Creates the database structure in the H2 PII store.
    var creationStatus = testDB->update("CREATE TABLE IF NOT EXISTS PII_STORE (ID VARCHAR(300) NOT NULL, PII VARCHAR(300) NOT NULL, PRIMARY KEY (ID))");
    if (creationStatus is sql:UpdateResult) {
        io:println("PII to be persisted: " + pii);

        // Creates a storage that uses an H2 database to persist Personally Identifiable Information (PII).
        privacy:H2PiiStore piiStore = new(testDB, TABLE_NAME, ID_COLUMN, PII_COLUMN);

        // Stores the PII in the storage and obtains a pseudonymized identifier (UUID) representing the stored data.
        var pseudonymizedPii = privacy:pseudonymize(piiStore, pii);
        if (pseudonymizedPii is string) {
            io:println("Pseudonymized identifier: " + pseudonymizedPii);

            // Reads the PII by providing the pseudonymized identifier.
            var depseudonymizedPii = privacy:depseudonymize(piiStore, pseudonymizedPii);
            if (depseudonymizedPii is string) {
                io:println("Depseudonymized value: " + depseudonymizedPii);
            } else {
                return depseudonymizedPii;
            }

            // Deletes the PII by providing the pseudonymized identifier.
            var deleteStatus = privacy:delete(piiStore, pseudonymizedPii);
            if (deleteStatus is error) {
                return deleteStatus;
            }
        } else {
            return pseudonymizedPii;
        }
    } else {
        return creationStatus;
    }
}
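The flow of the sample above, as an added example that is not part of the ballerina/privacy module: the same pseudonymize / depseudonymize / delete contract written in Python over an in-memory SQLite table with the sample's PII_STORE (ID, PII) shape. The names SqlPiiStore and memory_store and the sample e-mail address are constructed for this example; because the table and column names are interpolated into SQL text here rather than passed as bound parameters, the store rejects any that are not plain identifiers.

```python
import re
import sqlite3
import uuid

# Added example, not code from the ballerina/privacy module: the same
# pseudonymize / depseudonymize / delete contract over an SQLite table shaped
# like the sample's PII_STORE (ID, PII) table.
SQL_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

class SqlPiiStore:
    """Reversible token vault: a random UUID stands in for the stored PII value."""
    def __init__(self, conn, table_name, id_column, pii_column):
        # Table and column names are interpolated into SQL, so they must be
        # trusted constants; reject anything that is not a plain identifier.
        for name in (table_name, id_column, pii_column):
            if not SQL_IDENT.match(name):
                raise ValueError(f"unsafe SQL identifier: {name!r}")
        self.conn, self.table = conn, table_name
        self.id_col, self.pii_col = id_column, pii_column
        conn.execute(
            f"CREATE TABLE IF NOT EXISTS {self.table} ({self.id_col} VARCHAR(300) NOT NULL, "
            f"{self.pii_col} VARCHAR(300) NOT NULL, PRIMARY KEY ({self.id_col}))"
        )

    def pseudonymize(self, pii):
        # A fresh UUID per call: equal PII values get different identifiers, so
        # identifiers alone cannot be used to correlate records by shared PII.
        pid = str(uuid.uuid4())
        self.conn.execute(
            f"INSERT INTO {self.table} ({self.id_col}, {self.pii_col}) VALUES (?, ?)",
            (pid, pii),  # the PII itself is always passed as a bound parameter
        )
        return pid

    def depseudonymize(self, pid):
        sql = f"SELECT {self.pii_col} FROM {self.table} WHERE {self.id_col} = ?"
        row = self.conn.execute(sql, (pid,)).fetchone()
        if row is None:
            raise KeyError(f"no PII stored for identifier {pid}")
        return row[0]

    def delete(self, pid):
        sql = f"DELETE FROM {self.table} WHERE {self.id_col} = ?"
        if self.conn.execute(sql, (pid,)).rowcount == 0:
            raise KeyError(f"no PII stored for identifier {pid}")

def memory_store():
    """Store over an in-memory SQLite database (constructed for this example)."""
    return SqlPiiStore(sqlite3.connect(":memory:"), "PII_STORE", "id", "pii")
```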

Module Detail

Objects

Object Description
H2PiiStore

Represents a personally identifiable information (PII) storage mechanism based on an H2 database

MySqlPiiStore

Represents a personally identifiable information (PII) storage mechanism based on a MySQL database

PiiStore

Represents a storage mechanism usable to store personally identifiable information (PII)

Functions

Function Description
delete

Delete personally identifiable information (PII) from the PII store

depseudonymize

Depseudonymize the identifier by retrieving the personally identifiable information (PII) from the PII store

pseudonymize

Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier in the PII store

public function delete(privacy:PiiStore store, string id) returns (error?<>)

Delete personally identifiable information (PII) from the PII store

Parameter Name Data Type Default Value Description
store privacy:PiiStore

storage used to persist the PII and the identifier

id string

pseudonymized identifier to be deleted

Return Type Description
error?<>

nil if deletion was successful, error if deletion failed

public function depseudonymize(privacy:PiiStore store, string id) returns (string|error<>)

Depseudonymize the identifier by retrieving the personally identifiable information (PII) from the PII store

Parameter Name Data Type Default Value Description
store privacy:PiiStore

storage used to persist the PII and the identifier

id string

pseudonymized identifier to be depseudonymized

Return Type Description
string|error<>

PII if retrieval was successful, error if retrieval failed

public function pseudonymize(privacy:PiiStore store, string pii) returns (string|error<>)

Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier in the PII store

Parameter Name Data Type Default Value Description
store privacy:PiiStore

storage used to persist the PII and the identifier

pii string

PII to be pseudonymized

Return Type Description
string|error<>

36 characters long UUID if storage operation was successful, error if storage operation failed

public type H2PiiStore object

Represents a personally identifiable information (PII) storage mechanism based on an H2 database

Field Name Data Type Default Value Description
clientEndpoint h2:Client

reference to H2 database client endpoint

tableName string

table name used to store PII

idColumn string

column name used to store pseudonymized identifier

piiColumn string

column name used to store PII

  • <H2PiiStore> __init(h2:Client clientEndpoint, string tableName, string idColumn, string piiColumn)

    Create a personally identifiable information (PII) storage mechanism based on an H2 database

    Parameter Name Data Type Default Value Description
    clientEndpoint h2:Client

    reference to H2 database client endpoint

    tableName string

    table name used to store PII

    idColumn string

    column name used to store pseudonymized identifier

    piiColumn string

    column name used to store PII

  • <H2PiiStore> pseudonymize(string pii) returns (string|error<>)

    Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier

    Parameter Name Data Type Default Value Description
    pii string

    PII to be pseudonymized

    Return Type Description
    string|error<>

    36 characters long UUID if storage operation was successful, error if storage operation failed

  • <H2PiiStore> depseudonymize(string id) returns (string|error<>)

    Depseudonymize the identifier by retrieving the personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be depseudonymized

    Return Type Description
    string|error<>

    PII if retrieval was successful, error if retrieval failed

  • <H2PiiStore> delete(string id) returns (error?<>)

    Delete personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be deleted

    Return Type Description
    error?<>

    nil if deletion was successful, error if deletion failed

public type MySqlPiiStore object

Represents a personally identifiable information (PII) storage mechanism based on a MySQL database

Field Name Data Type Default Value Description
clientEndpoint mysql:Client

reference to MySQL database client endpoint

tableName string

table name used to store PII

idColumn string

column name used to store pseudonymized identifier

piiColumn string

column name used to store PII

  • <MySqlPiiStore> __init(mysql:Client clientEndpoint, string tableName, string idColumn, string piiColumn)

    Create a personally identifiable information (PII) storage mechanism based on a MySQL database

    Parameter Name Data Type Default Value Description
    clientEndpoint mysql:Client

    reference to MySQL database client endpoint

    tableName string

    table name used to store PII

    idColumn string

    column name used to store pseudonymized identifier

    piiColumn string

    column name used to store PII

  • <MySqlPiiStore> pseudonymize(string pii) returns (string|error<>)

    Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier

    Parameter Name Data Type Default Value Description
    pii string

    PII to be pseudonymized

    Return Type Description
    string|error<>

    36 characters long UUID if storage operation was successful, error if storage operation failed

  • <MySqlPiiStore> depseudonymize(string id) returns (string|error<>)

    Depseudonymize the identifier by retrieving the personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be depseudonymized

    Return Type Description
    string|error<>

    PII if retrieval was successful, error if retrieval failed

  • <MySqlPiiStore> delete(string id) returns (error?<>)

    Delete personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be deleted

    Return Type Description
    error?<>

    nil if deletion was successful, error if deletion failed

public type PiiStore object

Represents a storage mechanism usable to store personally identifiable information (PII)

  • <PiiStore> pseudonymize(string pii) returns (string|error<>)

    Pseudonymize personally identifiable information (PII) and store PII and the pseudonymized identifier

    Parameter Name Data Type Default Value Description
    pii string

    PII to be pseudonymized

    Return Type Description
    string|error<>

    36 characters long UUID if storage operation was successful, error if storage operation failed

  • <PiiStore> depseudonymize(string id) returns (string|error<>)

    Depseudonymize the identifier by retrieving the personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be depseudonymized

    Return Type Description
    string|error<>

    PII if retrieval was successful, error if retrieval failed

  • <PiiStore> delete(string id) returns (error?<>)

    Delete personally identifiable information (PII)

    Parameter Name Data Type Default Value Description
    id string

    pseudonymized identifier to be deleted

    Return Type Description
    error?<>

    nil if deletion was successful, error if deletion failed