Data portability

The GDPR gives individuals the right to receive the data connected to them that is stored or processed, as well as the personal data they supplied, in a structured, common, and machine-readable format.

This is supported with the Reporting feature. OneSpan Authentication Server allows you to define and run a wide range of detailed reports. Reporting aspects include desired fields, run-time query options, permissions, templates, and scheduling. You can use pre-defined standard reports, which can be edited, or you can define elements to create your own customized reports. Reports are managed via Administration Web Interface.

GDPR-specific report templates

OneSpan Authentication Server provides specific report templates for GDPR compliance, based on the individual user. These templates allow you to create reports that include one of the following:

  • All related static user information, including user properties and attributes.
  • All provisioning, authentication, and signature validation activity.
  • Information about all authenticators currently assigned to a specific user.

To access these templates, navigate to the User Properties page of the relevant user in Administration Web Interface and switch to the Reports tab. From the list of reports, select the required template.

See Table: GDPR compliance – Report templates for a list of the GDPR-specific templates. The table also lists the source fields OneSpan Authentication Server uses by default to generate each of these reports. You can remove source fields and/or add others as required via the Fields tab of the relevant report.

Table: GDPR compliance – Report templates
Template name Description
GDPR Compliance - User Information

This is a Detailed Analysis report template and provides a summary of all static user information for a particular user in machine-readable format. The report grouping level is User, the data source is Users and audit data.

When you run this report with the default settings, i.e. without custom run-time queries, the user ID and domain are set as queries, and the report is generated. It includes all audit messages for the required user, grouped by domain and organizational unit.

OneSpan Authentication Server includes the data from the following source fields to generate the default report:

  • User:Back-End Authentication
  • User:Created time
  • User:Description
  • User:Disabled
  • User:Domain
  • User:Email
  • User:Expiration Date
  • User:Has Digipass
  • User:Last Authentication
  • User:Local Authentication
  • User:Lock Count
  • User:Locked
  • User:Mobile
  • User:Modified time
  • User:Organizational Unit
  • User:Phone
  • User:Status
  • User:User ID
  • User:User Name
  • User Attributes:*
GDPR Compliance - Digipass Information

This is a Detailed Analysis report template and provides a summary of all authenticator information for a particular user in machine-readable format. The report grouping level is User, the data source is Digipass.

When you run this report with the default settings, i.e. without custom run-time queries, the user ID and domain are set as queries, and the report is generated. It includes all audit messages for the required user, grouped by domain and organizational unit.

OneSpan Authentication Server includes the data from the following source fields to generate the default report:

  • Digipass:Application Names
  • Digipass:Application Types
  • Digipass:Backup VDP Enabled
  • Digipass:Backup VDP Expires
  • Digipass:Backup VDP Uses Left
  • Digipass:Description
  • Digipass:Digipass Type
  • Digipass:Expiration Date
  • Digipass:Grace Period End
  • Digipass:Serial Number
  • Digipass:Status
GDPR Compliance - User Activity

This is a Detailed Analysis report template and provides a summary of all activity for a particular user in machine-readable format. The report grouping level is User, the data source is Digipass + Audit Data.

When you run this report with the default settings, i.e. without custom run-time queries, the user ID and domain are set as queries, and the report is generated. It includes all audit messages for the required user, grouped by domain and organizational unit.

OneSpan Authentication Server includes the data from the following source fields to generate the default report:

  • Audit:Application
  • Audit:Back-End Authentication
  • Audit:Category
  • Audit:Characteristics
  • Audit:Client Type
  • Audit:Code
  • Audit:Description
  • Audit:Expiration Date
  • Audit:Fields
  • Audit:Input Details
  • Audit:Local Authentication
  • Audit:Output Details
  • Audit:Policy ID
  • Audit:Reason
  • Audit:Timestamp
  • Audit:Type
  • Audit:User Location

Notable GDPR-relevant report criteria

To obtain more precise reports and achieve GDPR compliance, you can define filter criteria so that the reports include only certain data.

Specify default time period

For the reports you create and run from the USERS > Reports tab, you can specify a default time period. You can configure the reporting period using the following properties in the webadmin.properties file:

com.vasco.webadmin.user.report.defaultTimePeriod=reporting_period

com.vasco.webadmin.user.report.userLifespanReports=comma_separated_report_list

By default, the defaultTimePeriod property is set to Last 6 Months and applies to all reports generated from the USERS > Reports tab, except for reports specified by the userLifespanReports property. All reports listed under userLifespanReports (the report IDs separated by commas) are generated using a reporting period starting at the time the respective user account was created. By default, the userLifespanReports property is set to gdpr_compliance_user_activity.

Specify IP addresses

It is also possible to define filter criteria to include only data for specific client IP addresses in query results (based on audit data). You can use such filter criteria for report queries defined in Web Administration Service and for message filters in the Audit Viewer application. To achieve this, two filter conditions are available—is part of and is not part of—to test whether the client IP address (Audit:IP Address) is within a specific IP address range (specified by the query filter value using IPv4 CIDR notation).
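The following added example (not OneSpan code or product output) models the two filter conditions on constructed audit rows, so you can check which records a CIDR range would include before you define the query. The row layout, the sample values, and the separate handling of rows without a usable IPv4 address are assumptions of this example.

```python
import ipaddress

# Constructed sample rows; keys mirror the Audit:* field names on this page.
SAMPLE_AUDIT = [
    {"Audit:Timestamp": "2024-03-01T08:15:02Z", "Audit:IP Address": "10.20.4.17"},
    {"Audit:Timestamp": "2024-03-01T08:16:40Z", "Audit:IP Address": "10.21.0.1"},
    {"Audit:Timestamp": "2024-03-02T11:02:13Z", "Audit:IP Address": "10.20.255.255"},
    {"Audit:Timestamp": "2024-03-02T11:05:55Z", "Audit:IP Address": ""},
    {"Audit:Timestamp": "2024-03-03T17:44:09Z", "Audit:IP Address": "2001:db8::10"},
    {"Audit:Timestamp": "2024-03-04T06:30:00Z", "Audit:IP Address": "192.0.2.44"},
]

CONDITIONS = ("is part of", "is not part of")


def parse_ipv4(value):
    """Return an IPv4Address, or None when the value is missing or not IPv4."""
    try:
        return ipaddress.IPv4Address((value or "").strip())
    except ipaddress.AddressValueError:
        return None


def filter_audit(rows, condition, cidr):
    """Apply one of the two conditions to Audit:IP Address.

    Returns (matched, undecidable). Rows without a parseable IPv4 address are
    reported separately for both conditions (assumption of this example), so
    "is not part of" never silently absorbs records that carry no address.
    """
    if condition not in CONDITIONS:
        raise ValueError(f"unknown condition: {condition!r}")
    # strict=True rejects a range with host bits set, such as 10.20.0.5/16.
    network = ipaddress.IPv4Network(cidr, strict=True)
    matched, undecidable = [], []
    for row in rows:
        addr = parse_ipv4(row.get("Audit:IP Address"))
        if addr is None:
            undecidable.append(row)
        elif (addr in network) == (condition == "is part of"):
            matched.append(row)
    return matched, undecidable


if __name__ == "__main__":
    for cond in CONDITIONS:
        hits, skipped = filter_audit(SAMPLE_AUDIT, cond, "10.20.0.0/16")
        print(cond, [r["Audit:IP Address"] for r in hits], "skipped:", len(skipped))
```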

Providing reports in a common, machine-readable format

Reports can be generated in XML, HTML, or PDF format. When defining a report, you can do one of the following:

  • Use the default XML or PDF templates.
  • Provide your own custom template definition.

You define templates when you create a report definition, and then select one from a list when you run the report. Each report definition can have more than one formatting template.

Initially, report data is always generated in XML format. A SQL query retrieves the data that is required for the report. How the report is then finalized depends on the required output format:

  • XML and HTML. OneSpan Authentication Server supports XSLT transformation to produce the desired reporting output. The result of the SQL query and the report type are combined into an XML report. The XML report and the report format template are then combined to produce the finished report in the required format (XML or HTML).

  • PDF. The XML data is run through a PDF generator to produce a basic PDF report. This is then combined with the template data (including header, footer, and logo) to provide a finished PDF with bookmarked headline sections. You can customize the PDF header, footer, and logo, or use the standard template.

    Only PDF reports can be generated in the background. As such, running a report with XML or HTML outputs will block the Administration Web Interface until the reporting task completes.

For more information about reporting, refer to the OneSpan Authentication Server Administrator Guide and the OneSpan Authentication Server Administrator Reference.