furthermore, training or introductory courses should be provided.
2. The user's home site (IDP) has privacy policies in place which typically provide default settings for all of its users. These defaults must be crafted carefully and are primarily intended to protect the privacy of the less privacy-concerned users (see Berendt, Günther, and Spiekermann (2005) for an analysis of privacy-related user classifications). In general, these policies can be re-used for several Grid projects, VO memberships, and other external services.
3. Each SP also has its own privacy policies, which are not necessarily Grid-specific. For example, many academic supercomputing centers restrict access to their computing resources to users from selected countries. Thus, they can offer their service only to users whose nationality is revealed. If a user is unwilling to share her nationality, she will not be allowed to use the service. Similar to the home site policies, these SP policies can be re-used for external users from different Grid projects, VOs, or other inter-organizational collaborations.
4. Grid projects and VOs may have privacy policies which must be honored by all participating organizations and applied to all users (Schiffers et al., 2007), i.e., the implementation and management is delegated to the organizations participating in the project or VO.
In most approaches and implementations, the number of layers may vary with scenario-specific requirements, such as additional service-specific policies on top of SP-wide policies. There can be multiple policies in each layer, and it needs to be determined for each individual data request which policies are relevant. There may be conflicting policies, e.g., if an SP's privacy policy requires a user attribute such as the nationality when the user's personal privacy preference prohibits its release. In practice, sufficiently disjoint policies are ensured only on the same layer, usually by user-friendly management front-ends; thus, for example, administrators on the SP side are forced to formulate consistent SP policies. However, conflict resolution across the layers is often subject to a scenario-specific configuration, i.e., it cannot be defined in general whether, for example, user-specified policies override VO-wide policies or vice versa. Once such priorities have been defined, however, policy conflict resolution can be automated using PDP engines.
As discussed above, we must distinguish between privacy policies for PII and for Grid jobs on the user layer:
- The user's personal privacy preferences will usually stay the same over a certain period of time and are independent of the submitted Grid jobs to a certain (usually high) degree.
- While it must be possible to configure privacy policies for individual Grid jobs, there often is the situation that multiple Grid jobs belong to the same research project or are otherwise closely related. Thus, to reduce the management overhead, privacy policies must be applicable to groups of Grid jobs, which may arbitrarily be submitted sequentially or in parallel. Furthermore, if multiple Grid users are involved in the same research project, an additional Grid project policy layer contributes to simplifying the sharing of policies among all users submitting related Grid jobs.
However, the inter-organizational sharing of policies adds yet another layer of complexity and thus can often only be realized in later project stages. Enabling users to specify their privacy preferences locally at their home site usually is a good starting point.
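
The cross-layer conflict resolution described above, as an added example that is not from the original text: a minimal policy decision point in Python that resolves the nationality conflict under two configured layer priorities. The rule format, the default of withholding when no rule applies, and the sample policies are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    layer: str      # policy layer from the text: "user", "idp" or "vo"
    attribute: str  # PII attribute, e.g. "nationality"
    release: bool   # True = may be released, False = must be withheld

def decide_release(attribute, rules, precedence):
    """Return (release?, deciding layer) for one attribute.

    precedence lists layers from highest to lowest priority; this ordering is
    the scenario-specific configuration. Assumed default with no rule: withhold.
    """
    for layer in precedence:
        verdicts = {r.release for r in rules
                    if r.layer == layer and r.attribute == attribute}
        if len(verdicts) > 1:
            # Policies on the same layer must be disjoint; refuse to guess.
            raise ValueError(f"conflicting {layer} rules for {attribute}")
        if verdicts:
            return verdicts.pop(), layer
    return False, None

def evaluate_request(sp_required, rules, precedence):
    """Decide what the IDP releases and whether the SP can admit the user."""
    released, missing = {}, []
    for attribute in sorted(sp_required):
        ok, layer = decide_release(attribute, rules, precedence)
        if ok:
            released[attribute] = layer
        else:
            missing.append(attribute)
    return {"released": released, "missing": missing, "access": not missing}

# Constructed scenario: the SP requires nationality, the user withholds it,
# and a VO-wide policy says members reveal it.
RULES = [
    Rule("idp", "email", True),
    Rule("user", "nationality", False),
    Rule("vo", "nationality", True),
]
SP_REQUIRED = {"email", "nationality"}

if __name__ == "__main__":
    print("user over VO:", evaluate_request(SP_REQUIRED, RULES, ["user", "vo", "idp"]))
    print("VO over user:", evaluate_request(SP_REQUIRED, RULES, ["vo", "user", "idp"]))
```

With user preferences ranked first the SP's requirement cannot be met and access is refused; with the VO layer ranked first the same request succeeds, which is why the priority order has to be fixed per scenario before the decision can be automated.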
Figure 3 shows the resulting modular privacy management architecture for the user's Grid