may be accessed. Because many scheduling systems are proprietary or not available as open source, simple wrapping mechanisms usually have to be implemented; they can also be used to trigger obligation handling actions after the execution of a Grid job. To this end, it is important to distinguish between the successful execution of a Grid job and errors (e.g., machine or job crash). The same mechanism can be used to extend the available components with site-specific additional workflows.
For the fulfillment of Grid-specific obligations, additional functionality is required within the local obligation monitor (OM). So far, the OMs in place have mostly been used to purge outdated user records from relational database management systems or enterprise directories, and to send emails to users or administrators to notify them about the status of their obligations. With privacy-relevant data no longer stored only in databases and enterprise directories, additional workflow mechanisms are required to delete Grid job components from the involved compute platforms, including local as well as global or Grid-wide file systems. As this obligation handling typically requires site-specific implementation efforts, a good starting point is to accept only Grid jobs without obligations at first, and then add obligation support later on.
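
The wrapping mechanism and the delete-after-execution obligation described in the two paragraphs above, as an added example (not code from the original text or from any Grid middleware). The function names, the spool file the OM is assumed to read, and the policy of leaving files in place after an error or crash are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original text. Assumptions: each job has its own
# directory, the only obligation is "delete job data after execution", and the
# local obligation monitor (OM) reads the hypothetical spool file below.
OM_SPOOL="${OM_SPOOL:-./om-spool.log}"

# classify_exit STATUS -> success | job_error | crash
classify_exit() {
    if [ "$1" -eq 0 ]; then
        echo success
    elif [ "$1" -gt 128 ]; then
        echo crash          # shell convention: 128 + signal number
    else
        echo job_error
    fi
}

# run_grid_job JOB_ID JOB_DIR COMMAND [ARGS...]
# Runs the job, then hands the obligation to the OM according to the outcome.
run_grid_job() {
    job_id=$1
    job_dir=$2
    shift 2
    case "$job_dir" in
        ""|/) echo "refusing unsafe job dir" >&2; return 2 ;;
    esac
    [ -d "$job_dir" ] || { echo "no such job dir: $job_dir" >&2; return 2; }

    status=0
    ( cd "$job_dir" && "$@" ) || status=$?
    outcome=$(classify_exit "$status")

    if [ "$outcome" = success ]; then
        # Obligation can be fulfilled right away: purge the job's files.
        if rm -rf -- "$job_dir"; then state=fulfilled; else state=pending; fi
    else
        # Assumed policy: after an error or crash, leave the files for
        # site-specific handling and report the obligation as still open.
        state=pending
    fi
    printf '%s job=%s outcome=%s exit=%s obligation=delete-job-data state=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$job_id" "$outcome" "$status" "$state" \
        >> "$OM_SPOOL"
    return "$status"
}
```

The wrapper returns the job's own exit status, so the scheduler still sees the original result, while every `state=pending` line is an open obligation the OM has to follow up.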
While the overall framework clearly has a preventive character, i.e., privacy policy violations shall be averted before they actually happen, there is also a demand for detecting irregularities and appropriately reacting to them. However, granting the users reliable insight into how their data has been used by the SP as a first step is still challenging: Grid users presently typically have terminal access via GridSSH or can manage their job files through Grid web portals. Both ways provide a suitable feedback channel, which can be used to make, for example, SP log file excerpts available to the user. However, there still is no guarantee that the logged information is sound and complete. The complexity of technically ensuring that all data access is being logged and of preventing even administrators from tampering with the logs is incomparably higher than for single-SP services. Thus, until secure and trusted operating systems are used for Grid resources, the user's informational self-determination can already be supported, but the guaranteed enforcement of privacy policies cannot be verified in an absolutely objective manner.
Besides such information requests performed by the users themselves, there also must be an internal auditing and reporting process that proactively checks the SP infrastructure for privacy policy violations on a regular basis. This process can often be supported and automated to a large degree with the available PMS, logfile correlation engines, or security information and event management systems. Reports should include, e.g., the number of successfully fulfilled privacy policies, detected policy conflicts, unfulfilled obligations, etc. The resulting figures are important feedback for different enterprise roles, such as privacy officers, policy writers, and service administrators. In general, selected events, such as policy violations, should also be used to trigger real-time alerting mechanisms. Policy violations and other undesired behavior should also be considered to serve as key performance indicators (KPIs) and, e.g., their maximum number per reporting period may become a service level parameter in contracts between home sites and SPs. They also should be used as a basis to identify and plan further security and privacy measures as a part of a continuous improvement process.
Given the number of additional components required at both the home sites and the SPs, suitable measures for ensuring the infrastructure availability and reliability must be taken. Because standard components are used on both sides, integration into existing monitoring systems is a tedious but straightforward task. For a better overview of the Grid-wide status, monitoring solutions based on Grid Information Systems can be adopted, as suggested by Baur et al. (2009).