This CLARUS proxy main process can also handle inter-proxy communication. In this context, we consider that communication between 2 proxies is secured by using for instance a VPN connection. Two cases are to be handled:

  • The proxy is deployed between the client application and a remote proxy. In this case, this proxy will relay/forward the communication without any modification. Indeed, all the obfuscation / de-obfuscation task in delegated to the remote proxy that owns the data.
  • The proxy is deployed between a first proxy and the CSP. In this case, the first proxy will be considered as the client application of the main proxy that will treat the first proxy as a technical user.


The data owning CLARUS proxy – in this case, CLARUS Proxy 2 – manages the data access for all external CLARUS proxies in the Inter-proxy communication module. For each external CLARUS proxy a key is used to encrypt the requested data with, so that the external proxy can decrypt the data. The policy management defines the access levels for external CLARUS proxies analogue to the intra-proxy policies. The Inter-proxy communication module creates access policies for external CLARUS proxies and stores them in the Access Policy DB.

The first Proxy 1 forwards the user requests to the Proxy 2 by changing the identity of the user to a technical user and forwards later the answer of Proxy 2 to the user like a classical proxy. Notice that the proxy 1 has a security policy that does not protect any confidential data. All the protection mechanism is supported by Proxy 2.

Notice that the communication between the two proxies is done through a secure channel such as VPN so that this communication also satisfies all requirements for secure communication. The proxy 1 is running with an “empty” security policy where all the data to be protected is empty (i.e. tag <data/>).