The user controls job submission via some job description, e.g., using a Job Submission Description Language (JSDL), which describes the binary to execute on the compute element and input files. In addition, the job description can specify a specific cluster, or resource requirements, to be matched with available Grid resources prior to scheduling. Running jobs can access files that the job's owner is authorized to access. In some cases, the Grid middleware pre-fetches required input files using the job's credentials prior to job execution.

Figure 1 also shows a File Catalog that provides a mapping between Grid 'logical file names' and the underlying physical files, which may be replicated on different storage systems on the Grid. Additionally, an SRB may also maintain a metadata service (not shown). Since metadata and file names may contain privacy-sensitive information, both services should be managed by a trusted domain.
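The two points above, that a File Catalog maps logical names to replicated physical files and that jobs may only touch files their owner is authorized for, are illustrated by the following added example. It is not code from the chapter, from SRB or from any Grid middleware; the LFNs, srm:// replica URLs and user names are constructed, and the "stage inputs before execution" step models the pre-fetch behaviour described in the text.

```python
"""Added example (not from the chapter): a minimal Grid-style File Catalog.

It maps logical file names (LFNs) to replicated physical file names (PFNs)
and resolves an LFN only for a job whose owner is authorized, so the catalog
itself does not reveal which physical files exist to unauthorized requesters.
All names, users and paths below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class CatalogEntry:
    replicas: list         # physical locations holding the same logical file
    authorized: frozenset  # job owners allowed to resolve this LFN


class FileCatalog:
    def __init__(self):
        self._entries = {}
        self.audit = []    # (user, lfn, decision) records kept by the trusted domain

    def register(self, lfn, pfns, authorized):
        self._entries[lfn] = CatalogEntry(list(pfns), frozenset(authorized))

    def add_replica(self, lfn, pfn):
        self._entries[lfn].replicas.append(pfn)

    def resolve(self, lfn, job_owner):
        """Return the replica PFNs for lfn if job_owner may access it.

        An unknown LFN and an unauthorized LFN raise the same error so a
        caller cannot probe the catalog to learn which logical names exist
        (the names themselves may be privacy-sensitive).
        """
        entry = self._entries.get(lfn)
        if entry is None or job_owner not in entry.authorized:
            self.audit.append((job_owner, lfn, "deny"))
            raise PermissionError(f"{job_owner}: cannot resolve {lfn}")
        self.audit.append((job_owner, lfn, "allow"))
        return list(entry.replicas)


def stage_inputs(catalog, job_owner, input_lfns):
    """Resolve every input LFN with the job owner's identity before execution.

    Models middleware pre-fetching: if any input is not accessible to the
    owner the job is rejected up front instead of failing part-way through.
    Returns {lfn: first replica} on success.
    """
    staged = {}
    for lfn in input_lfns:
        staged[lfn] = catalog.resolve(lfn, job_owner)[0]
    return staged


def build_demo_catalog():
    """Constructed catalog: one replicated scan, one single-replica scan."""
    cat = FileCatalog()
    cat.register("lfn:/study42/scan001.dcm",
                 ["srm://se1.example.org/data/a1b2",
                  "srm://se2.example.org/data/c3d4"],
                 authorized={"researcher-a", "researcher-b"})
    cat.register("lfn:/study42/scan002.dcm",
                 ["srm://se1.example.org/data/e5f6"],
                 authorized={"researcher-a"})
    return cat


if __name__ == "__main__":
    cat = build_demo_catalog()
    print(stage_inputs(cat, "researcher-a",
                       ["lfn:/study42/scan001.dcm", "lfn:/study42/scan002.dcm"]))
    try:
        stage_inputs(cat, "researcher-b",
                     ["lfn:/study42/scan001.dcm", "lfn:/study42/scan002.dcm"])
    except PermissionError as e:
        print("rejected:", e)
    print(cat.audit)
```

The audit list is the part a trusted domain would actually keep: denied resolutions are the signal that a job description names data its owner is not entitled to, and they are recorded before any file is staged.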
LEGAL REQUIREMENTS
The European Union (EU) has produced legislation on handling personal information and privacy (EC, 1995). This section focusses on EU and selected Dutch regulations. Countries outside the EU have adopted or are adopting legal measures to allow exchange of personal data with the EU countries (e.g., U.S. Safe Harbor Framework). For more information about other countries see (Fischer-Huebner, 2001; EC; Herveg, 2006; U.S. Congress, 1996).

EU regulations can be seen as leading guidelines for handling personal data (Fischer-Huebner, 2001). The data protection regulations can be summarized as follows. First, there must be a necessity for data collection and processing. Related to that, for each data collection, there has to be a clear purpose binding which specifies what is done with the information. Usage of data beyond this specified purpose is not allowed. In addition, a minimality principle exists, which states that only the minimum information for the required purpose may be collected. Furthermore, there has to be transparency of personal data processing and collection, implying that the data subject is informed of data collection (opt-in or opt-out) and that the data subject has a right to access the information. Finally, the regulations require that information is accurate, which implies that the information must be kept up-to-date.

Two Dutch laws (WGBO, 1994; WMO, 1998) formalize what may be done with data collected from a patient in the course of treatment. In general, usage of patient information outside the scope of the patient's treatment is not allowed, unless there is considerable public interest or similar necessity to do so. Medical scientific research is often considered such an exception (Herveg, 2006).

If a patient explicitly consents to usage of his data for medical research, that data is purpose-bound to a specific medical research activity. The data may not be disclosed beyond this activity. The physician or medical researcher who determines the purpose and means of processing is legally responsible for ensuring an appropriate level of security to protect data.

The restrictions described above only apply to personal data. In some situations, the data can be de-personalized to circumvent these restrictions, e.g., as done in (Kalra et al., 2005; Montagnat et al., 2007; Erberich et al., 2007). However, complete de-identification is hard to get right, and re-identification is often possible (Sweeney, 2002; Malin, 2002). For this reason, de-identified information should be considered confidential, and appropriate distribution and access control mechanisms are required.
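The observation that de-identification is hard to get right can be made measurable. The following added example (not from the chapter or from the works it cites) takes a constructed "de-identified" export with direct identifiers already removed, counts how many records share each combination of the remaining quasi-identifiers (a k-anonymity check), and then coarsens those attributes until no record stands alone. The records, the choice of quasi-identifiers and the generalization ladder are all assumptions made for the illustration.

```python
"""Added example (not from the chapter): measuring how 'de-identified' a
dataset really is.

Direct identifiers (name, patient id) are already stripped, but the remaining
quasi-identifiers (ZIP code, birth year, sex) can still single out a record,
which is what makes re-identification possible. k-anonymity counts how many
records share each quasi-identifier combination; k = 1 means a record is
unique. The records and the generalization rules below are constructed.
"""
from collections import Counter

# Constructed "de-identified" export: direct identifiers already removed,
# 'diagnosis' is the sensitive attribute the research actually needs.
RECORDS = [
    {"zip": "12345", "birth_year": 1961, "sex": "F", "diagnosis": "D1"},
    {"zip": "12345", "birth_year": 1963, "sex": "F", "diagnosis": "D2"},
    {"zip": "12349", "birth_year": 1961, "sex": "M", "diagnosis": "D1"},
    {"zip": "12340", "birth_year": 1965, "sex": "M", "diagnosis": "D3"},
    {"zip": "67890", "birth_year": 1975, "sex": "F", "diagnosis": "D2"},
    {"zip": "67891", "birth_year": 1977, "sex": "F", "diagnosis": "D1"},
]
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

# Generalization ladder (assumed): (ZIP digits kept, birth-year band width).
GENERALIZATION_LEVELS = ((5, 1), (3, 10), (2, 20), (1, 50))


def k_anonymity(records, quasi_identifiers):
    """Return (k, counts): k is the smallest equivalence class size and
    counts maps each quasi-identifier combination to its class size."""
    counts = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(counts.values()), counts


def unique_records(records, quasi_identifiers):
    """Indices of records that are alone in their class (k = 1), i.e. the
    records that a linkage with an outside source could pin down."""
    _, counts = k_anonymity(records, quasi_identifiers)
    return [i for i, r in enumerate(records)
            if counts[tuple(r[q] for q in quasi_identifiers)] == 1]


def generalize(record, zip_digits, year_band):
    """Coarsen quasi-identifiers: keep a ZIP prefix, bucket the birth year.
    The sensitive attribute is left untouched."""
    g = dict(record)
    g["zip"] = record["zip"][:zip_digits] + "*" * (len(record["zip"]) - zip_digits)
    band_start = record["birth_year"] - record["birth_year"] % year_band
    g["birth_year"] = f"{band_start}-{band_start + year_band - 1}"
    return g


def anonymize_to_k(records, quasi_identifiers, k_target):
    """Walk the generalization ladder until every class has at least
    k_target members. Returns (generalized_records, k_achieved); if the
    ladder is exhausted, k_achieved is below k_target and the caller must
    treat the result as still confidential."""
    for zip_digits, year_band in GENERALIZATION_LEVELS:
        gen = [generalize(r, zip_digits, year_band) for r in records]
        k, _ = k_anonymity(gen, quasi_identifiers)
        if k >= k_target:
            return gen, k
    return gen, k


if __name__ == "__main__":
    k, _ = k_anonymity(RECORDS, QUASI_IDENTIFIERS)
    print("raw export: k =", k, "unique records:",
          unique_records(RECORDS, QUASI_IDENTIFIERS))
    gen, k = anonymize_to_k(RECORDS, QUASI_IDENTIFIERS, 2)
    print("after generalization: k =", k)
    for r in gen:
        print(r)
```

On the constructed export every record is unique (k = 1) even though no name or patient id is present; it takes truncating ZIP codes to three digits and birth years to decades to reach k = 2, and this small set never reaches k = 3 on the given ladder, which is exactly the case the text warns about: the output must then still be handled as confidential data under access control rather than released.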
BASIC GRID SECURITY INFRASTRUCTURE
The Grid Security Infrastructure (GSI) (Foster, Kesselman, Tsudik and Tuecke, 1998) is the de-