Information Technology Reference
In-Depth Information
Figure 4. Example XACML Grid job policy to allow code optimization
INTEGRATION OF THE SECURITY
FRAMEWORK'S PRIVACY
MANAGEMENT COMPONENTS ON
THE SERVICE PROVIDER SIDE
Such a policy must be complemented by
other policies for restricting the selection of suit-
able SPs and excluding other usage purposes in
practice, which usually is a home site administra-
tor task to be performed for all local users as a
whole. Whether only few but complex, or many
simple policies are used, depends on the manage-
ment user interface; in real-world application,
intuitive usability and the re-use of modular
policies have so far proven to be of higher relevance
than performance issues: Given the overall low
number of policies and the average run-time of
Grid jobs, evaluating the described policies does
not cause any latency which the user would notice,
and thus performance optimizations are cur-
rently not a priority, because more than sufficient
scalability is already achieved.
While the integration of privacy management
components into the user's home site is straight-
forward, especially if an privacy-enhancing
identity management system is already in use, the
adaptation of Grid SPs is a challenging task. It also
must be kept in mind that especially in scientific
Grids, such as the European DEISA consortium
(Niederberger & Alessandrini, 2004), often all
involved organizations are both, home site and SP.
The use of FIM protocols, which are also typi-
cally being used for other aspects of user man-
agement, e.g., authentication and authorization,
ensures that personal and Grid job data is only
distributed to Grid SPs that are suitable from the
privacy management perspective. Thus, privacy
management on the SP side primarily pursues
three goals:
Search WWH ::




Custom Search