attributes for access decisions specific to VO-resources is another model.
As noted previously, VOMS has traditionally been used for access to and
usage of HPC resources using LCMAPS/LCAS and not specifically for
fine-grained security access to services. The JISC-funded Integrating
VOMS and PERMIS for Superior Grid Authorization (VPman) project [23]
is exploring these issues. Through enhancements to the grid standards
and implementation of technologies allowing for the pushing or pulling
of attributes needed for access to a range of grid services (including
services using the Globus/OMII middleware), a range of authorization
scenarios have been demonstrated. These are described in detail in [24] along
with the advantages and disadvantages of centralized versus decentralized
security models. These scenarios show, for example, how VOMS
attributes can be passed (pushed) and used to enforce access control (by
PERMIS) on access to and usage of grid services providing clinical data.
Other scenarios focus on showing how VOMS attributes can be pulled
and used to decide upon access control (by PERMIS) on access and usage
of restricted electronics applications.
12.5
The vision of the grid in seamlessly accessing and using a range of
resources is a compelling one, but one that depends on supporting
technologies. Single sign-on to resources is one of the fundamental
requirements to the realization of this vision. As noted, different domains will
have their own requirements and needs on how this is achieved and in
turn on the kinds of security infrastructures and associated policies that
need to be enforced. Arguably, the domain that places greatest emphasis
on security is the life sciences, especially when dealing with personal
clinical and genetic datasets.
In the post-genomic era, data are growing exponentially. Numerous public
genomic, proteomic, and metabolomic resources are arising for researchers
interested in different organisms (humans, rats, arabidopsis, etc.),
different diseases (cancer, diabetes, etc.), different biochemical and cell
signaling pathways, among numerous other areas. Linkage of individual
genetic data with clinical data, including, for example, a given patient or
family medical history, can be used to detect early onset of hereditary
diseases, to suggest to patients ways of decreasing the likelihood of certain
diseases arising, or even to treat patients in a personalized manner
where different drugs can be targeted—not just to demographic/phenotypic
descriptions of people where, for example, a young male might be
given a different drug than an older grandmother for a similar disease, but
actually on the genetic differences of the individuals themselves.
Case Studies in User-Oriented Grid Security
 
 