Messaging with Purpose Limitation -- Privacy-Compliant Publish-Subscribe Systems
Karl Wolf, Frank Pallas, Stefan Tai

TL;DR
This paper introduces a purpose-based access control extension for MQTT messaging systems to ensure privacy compliance by limiting data use to declared purposes, addressing a gap in communication privacy solutions.
Contribution
It proposes and evaluates a novel PBAC extension for MQTT brokers, enabling purpose limitation for data-in-transit in message-driven architectures.
Findings
Extended MQTT broker with purpose limitation functionality
Demonstrated privacy compliance in IoT messaging scenarios
Enhanced privacy control in event-driven enterprise architectures
Abstract
Purpose limitation is an important privacy principle to ensure that personal data may only be used for the declared purposes it was originally collected for. Ensuring compliance with respective privacy regulations like the GDPR, which codify purpose limitation as an obligation, consequently, is a major challenge in real-world enterprise systems. Technical solutions under the umbrella of purpose-based access control (PBAC), however, focus mostly on data being held at-rest in databases, while PBAC for communication and publish-subscribe messaging in particular has received only little attention. In this paper, we argue for PBAC to be also applied to data-in-transit and introduce and study a concrete proof-of-concept implementation, which extends a popular MQTT message broker with purpose limitation. On this basis, purpose limitation as a core privacy principle can be addressed in…
Taxonomy
Topics: Access Control and Trust · Peer-to-Peer Network Technologies · Privacy-Preserving Technologies in Data
