ARCHITECTURE OF A POLICY-BASED SECURITY FRAMEWORK FOR PRIVACY-ENHANCING DATA ACCESS AND USAGE CONTROL IN GRIDS
Because the use of Grid middleware does not depend on the existence of an appropriate inter-organizational contractual framework, it is impossible to fully automate all privacy-relevant decisions on the technical level. If the organizations involved in a Grid project decide to form a VO that becomes a legal entity, managing privacy preferences can be greatly simplified by treating the resulting Grid environment like a single organization. However, the technical approaches discussed in the previous section do not fully support the concept of VOs; a solution is discussed below.
Unless privacy-related contractual agreements can be arranged for all organizations participating in a Grid project, such as in VO scenarios, the vision of a Grid middleware offering total location transparency to the user actually contradicts the privacy management goal that users get to know exactly by whom their data is being processed. Thus, the traditional approach in which users define privacy preferences on a per-organization basis must be complemented by means to define what we call property-based privacy policies (PBPP). As an example, certain PII such as the user's email address should only be distributed to SPs which guarantee to use it solely for contacting the user in case of technical problems, and not for other purposes such as sending marketing emails. This allows modeling the situation in which it does not matter to the user which SP actually executes the Grid job, as long as it is assured that all of the user's privacy preferences are met. In this regard, PBPPs can be seen as a contribution to attribute-based access control applied to organizations (cf. Kuhn, Coyne, & Weil, 2010).
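The following Python sketch is an added illustration of the PBPP idea and is not code from the chapter or from any Grid middleware. It assumes a hypothetical data model in which each SP publishes a privacy statement (the purposes for which it will use each PII attribute it needs) and the user's policy lists, per attribute, the purposes the user permits regardless of which organization runs the job; traditional per-organization allow/deny decisions are layered on top. All organization names, attributes, purposes and statements are constructed sample data.

```python
# Added example (not from the chapter): matching a user's property-based
# privacy policy (PBPP) against the privacy statements of candidate SPs.
# The data model, function names and all sample values are hypothetical.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SpPrivacyStatement:
    """What an SP declares it will do with each PII attribute it requests."""
    org: str
    uses: dict[str, frozenset[str]]  # attribute -> declared purposes


@dataclass
class UserPrivacyPolicy:
    """The user's preferences (layer 1 in the chapter's terminology).

    property_rules: attribute -> purposes the user permits for ANY organization
                    (the PBPP part; an attribute absent here is never released).
    org_decisions:  per-organization decisions that complement the PBPP:
                    an explicit "deny" always wins, an explicit "allow" relies
                    on a contractual framework with that organization instead
                    of the property check (assumed semantics).
    """
    property_rules: dict[str, frozenset[str]]
    org_decisions: dict[str, str] = field(default_factory=dict)


def violations(policy: UserPrivacyPolicy, sp: SpPrivacyStatement) -> list[str]:
    """Return the reasons an SP may not receive the user's data ([] = eligible)."""
    decision = policy.org_decisions.get(sp.org)
    if decision == "deny":
        return [f"{sp.org}: organization explicitly denied by user"]
    if decision == "allow":
        return []  # trust established contractually; property check skipped
    problems: list[str] = []
    for attribute, purposes in sp.uses.items():
        permitted = policy.property_rules.get(attribute)
        if permitted is None:
            problems.append(f"{sp.org}: user does not release '{attribute}' at all")
            continue
        extra = purposes - permitted  # purposes the user did not permit
        if extra:
            problems.append(
                f"{sp.org}: '{attribute}' would be used for {sorted(extra)}")
    return problems


def eligible_providers(policy: UserPrivacyPolicy,
                       providers: list[SpPrivacyStatement]) -> list[str]:
    """SPs that satisfy every preference; the scheduler may pick any of them."""
    return sorted(sp.org for sp in providers if not violations(policy, sp))


# Constructed sample data: the user releases email for technical contact only.
USER_POLICY = UserPrivacyPolicy(
    property_rules={
        "email": frozenset({"technical-contact"}),
        "name": frozenset({"technical-contact", "accounting"}),
    },
    org_decisions={"sp-d.example": "deny"},
)

PROVIDERS = [
    SpPrivacyStatement("sp-a.example", {"email": frozenset({"technical-contact"})}),
    SpPrivacyStatement("sp-b.example",
                       {"email": frozenset({"technical-contact", "marketing"})}),
    SpPrivacyStatement("sp-c.example", {"phone": frozenset({"technical-contact"})}),
    SpPrivacyStatement("sp-d.example", {"email": frozenset({"technical-contact"})}),
]

if __name__ == "__main__":
    for sp in PROVIDERS:
        print(sp.org, "->", violations(USER_POLICY, sp) or "eligible")
    print("eligible:", eligible_providers(USER_POLICY, PROVIDERS))
```

Only sp-a.example is eligible: sp-b.example declares a marketing purpose, sp-c.example requests an attribute the user never releases, and sp-d.example is excluded by a per-organization decision even though its property statement would pass. The match compares declared purposes only; whether an SP honors its statement is exactly the contractual question raised above, which is why the per-organization layer remains necessary alongside the PBPP.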
In the next section, we discuss how previously established policy-based privacy management approaches need to be extended and enhanced to fulfill these new requirements.
The primary motivation for using a policy-based privacy management approach in Grids is to leverage existing identity and privacy management infrastructure components, which in turn is motivated by the goal of reducing the IT service management overhead and costs of solutions specific to the Grid domain. The basic suitability and applicability of policy-based approaches for privacy and data protection management has been pointed out by the previous work referred to above and is not discussed here, because the Grid-specific requirements discussed are by no means fundamental challenges to the policy-based management paradigm.
In this section, we motivate how policy-based privacy management can be used in Grids and demonstrate how the existing approaches can be extended and enhanced to fulfill the discussed Grid-specific requirements in a general manner, with the overall goal of protecting privacy-relevant data from being misused by the SPs. The concrete application of this methodology to a selected privacy management architecture is discussed afterwards. As a first step, we need to consider that for any transmission of sensitive data, more than one policy may be relevant; in practice, there typically are four layers of policies:
1. Users can specify their personal privacy preferences, i.e., the conditions and obligations under which they are willing to share their data with an SP. This is also an effective way to delegate the management of dynamic policies to the users in order to reduce the overhead for home site and SP administrators. However, it also requires adequate, user-friendly management front-ends for policy creation, testing, and maintenance;