PAAS API

This project contains the API specification for PAAS, the PEP Authorisation API Service (or Pseudonymization as a Service). It specifies interaction between PAAS servers and PAAS clients.

PAAS forms a REST API around libpep for homomorphic pseudonymization. Using multiple PAAS transcryptors, it is possible to blindly convert encrypted pseudonyms, encrypted by clients, into different encrypted pseudonyms for different clients, in a distributed manner. As long as 1 transcryptor is not compromised, the pseudonymization is secure, meaning that nobody can link pseudonyms of different clients together.

Each transcryptor is able to enforce access control policies, such as only allowing pseudonymization for certain domains or contexts. This way, using PAAS, you can enforce central monitoring and control over unlinkable data processing in different domains or contexts.