INTRODUCTION

Using compute and storage services starts with selecting an appropriate IT service provider (SP). Within their terms of use and privacy statements, SPs define which information about a customer (and, if the customer is an organization, its users) they require in order to provide the selected service. It also must be specified for which purposes the collected data will be used, and how long it will be retained. Typically, customer and user information is required for accounting and billing purposes as well as for service personalization. Generally, it thus includes personally identifiable information (PII), i.e., data that can be used to uniquely identify a single person.

In order to prevent any misuse of such sensitive data, e.g., selling email addresses to marketing agencies, legislative regulations exist; they restrict how PII may be used on an organizational level and must be mapped to technical solutions, which often have been neglected in the past, resulting in potential vulnerabilities. Although privacy and data protection laws differ between countries and dedicated regulations exist for industrial sectors such as finance and healthcare, one classic and common principle is that data must only be used for purposes which the user has been informed about and agreed to.

As intra-organizational solutions, so-called privacy management systems have successfully been implemented and deployed over the past few years. They are tightly coupled with the IT services used by the customers as well as with other management systems, such as billing and invoice management tools. Whenever a user's or customer's data is about to be accessed, rule sets are evaluated to determine whether the current access attempt is in accordance with the privacy policy the user has agreed to. Basically, such systems can be viewed as an extension of traditional access management systems in order to enforce the purpose limitation principle: they also take into consideration for which specific purpose someone is trying to access the data; formally specifying such policies requires extensive modeling of the involved roles, the acceptable purposes, and the available PII itself.

In inter-organizational service usage scenarios, such as Grid computing, privacy protection becomes an even more complicated issue, because multiple organizations - typically also located in different countries - are involved and SPs need to retrieve the required user data from the user's home organization in an automated manner. Instead of a single organization's privacy policy, multiple heterogeneous demands must now be fulfilled regarding PII handling. For example, there usually will be Grid-wide privacy policies, such as those specified by a virtual organization (VO); they must often be adequately combined with SP-specific or user home organization specific policies, as well as policies possibly specified by the users themselves. Combining policies requires the handling of conflicting policy parts in a transparent manner.

In general, privacy management - intentionally with a strong focus on the user - becomes a two-tiered process: first, users must decide which of their data may be submitted to an SP at all, and second, they must be able to monitor and control how their data is being used later on.

In the research areas of privacy enhancing technologies (PET) and federated identity management (FIM), various solutions to these issues have been suggested, with many of them already being used in production environments by commercial as well as academic SPs; a short overview will be given in the next section.

However, these solutions were originally not suitable for certain characteristics of Grid environments, such as the concept of VOs, and cover only the PII of the users themselves; thus, they neglect sensitive data submitted along with Grid jobs, such as medical records used as input data for those programs. In this article, we first discuss these differences of Grid environments and
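The purpose-aware rule evaluation and the combination of VO, SP, home-organization and user policies described in this introduction, written out as an added Python example (not code from the article or from any privacy management system it describes); the rule format, the policy sources, the sample policies and the deny-overrides conflict resolution are assumptions made for the example.

```python
from dataclasses import dataclass

# Added example (not from the article): a purpose-aware access check that
# combines privacy policies from several sources. A rule matches on the
# accessing role, the stated purpose and the PII category ("*" is a wildcard).
# Conflicts are resolved transparently by deny-overrides, and a request that
# no rule covers is denied; both choices are assumptions of this example.

@dataclass(frozen=True)
class Rule:
    effect: str          # "permit" or "deny"
    roles: frozenset
    purposes: frozenset
    categories: frozenset

    def matches(self, role, purpose, category):
        return all(value in allowed or "*" in allowed for value, allowed in
                   ((role, self.roles), (purpose, self.purposes),
                    (category, self.categories)))

@dataclass
class Policy:
    source: str          # who specified it: VO, SP, home organization or user
    rules: list

def rule(effect, roles, purposes, categories):
    return Rule(effect, frozenset(roles), frozenset(purposes), frozenset(categories))

def decide(policies, role, purpose, category):
    """Evaluate every policy source; return (decision, list of matched rules)."""
    reasons, permitted = [], False
    for policy in policies:
        for r in policy.rules:
            if r.matches(role, purpose, category):
                reasons.append(f"{policy.source}:{r.effect}")
                if r.effect == "deny":
                    return "deny", reasons      # a deny from any source wins
                permitted = True
    return ("permit" if permitted else "deny"), reasons or ["no applicable rule"]

# Constructed sample policies for one Grid user (hypothetical values).
SAMPLE_POLICIES = [
    Policy("vo", [rule("permit", ["*"], ["accounting", "billing"], ["name", "email", "affiliation"])]),
    Policy("sp", [rule("permit", ["support-staff"], ["personalization"], ["email"])]),
    Policy("home-org", [rule("deny", ["*"], ["marketing"], ["*"])]),
    Policy("user", [rule("deny", ["*"], ["personalization"], ["*"]),
                    rule("permit", ["job-scheduler"], ["job-execution"], ["medical-record"])]),
]
```

Calling `decide(SAMPLE_POLICIES, "support-staff", "personalization", "email")` shows the conflict case: the SP permits the access, the user's own policy denies it, and the returned reasons list both so the decision stays explainable.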