[Figure 2.6 diagram: User Trust Domain A (User, User Client/System, Data stored at user facilities) and Provider Trust Domain B (Provider, Platform/System, Application (Operation), Data stored in Provider Domain); Trust between domains A and B; User Client trusts provider's System/Platform; axes of the relation: Security and Trust(worthiness).]
FIGURE 2.6
Security and trust in data services and infrastructure.
during their whole life cycle. Figure 2.6 illustrates the main actors and their relations when processing data on a remote system. User or customer and service provider are the two actors concerned with their own data and content security and each other's system/platform trustworthiness: The user wants to be sure that his or her data are secure when processed or stored on the remote system.
Figure 2.6 illustrates the complexity of trust and security relations even in a simple use case of the direct user/provider interaction. In clouds, data security and the trust model need to be extended to a distributed, multidomain, and multiprovider environment. In the general case of a multiprovider and multitenant e-science cooperative environment, the e-SDI security infrastructure should support on-demand created and dynamically configured user groups and associations, potentially reusing existing experience in managing virtual organizations (VOs) and VO-based access control in computer grids [47, 48].
Data-centric security models, when used in a generically distributed and multiprovider e-SDI environment, will require policy binding to data and a fine-grained data access policy that allows flexible policy definition based on the semantic data model. Based on our experience, the XACML (eXtensible Access Control Markup Language) policy language can provide a good basis for such functionality [49, 50]. However, support of the data life cycle and related provenance information will require additional research in policy definition and underlying trust management models.
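A sketch of the policy-to-data binding and fine-grained evaluation described above, added here as an illustration and not taken from the book or from any XACML implementation. It mimics XACML's target/rule/deny-overrides structure in plain Python; the attribute names (`policy_id`, `owner_vo`, `stage`), the VO name and the policy itself are assumptions constructed for the example.

```python
# Added example: XACML-style decision with the policy bound to the data object.
# Attribute names, VO names and the policy are constructed for illustration.
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Rule:
    effect: str
    condition: Callable[[dict, dict, str], bool]  # (subject, resource, action)

@dataclass(frozen=True)
class Policy:
    target: Callable[[dict], bool]  # does this policy apply to the resource?
    rules: tuple

def evaluate(policy, subject, resource, action):
    """Deny-overrides combining: a matching Deny wins over any Permit."""
    if not policy.target(resource):
        return NOT_APPLICABLE
    decision = NOT_APPLICABLE
    for rule in policy.rules:
        if rule.condition(subject, resource, action):
            if rule.effect == DENY:
                return DENY
            decision = PERMIT
    return decision

# Rules refer to semantic attributes of the data (type, life-cycle stage, owning VO).
POLICIES = {
    "observation-policy": Policy(
        target=lambda r: r.get("type") == "observation",
        rules=(
            Rule(PERMIT, lambda s, r, a: a == "read" and r["owner_vo"] in s["vos"]),
            Rule(PERMIT, lambda s, r, a: a == "read" and r["stage"] == "published"),
            Rule(DENY, lambda s, r, a: a == "write" and r["stage"] != "raw"),
            Rule(PERMIT, lambda s, r, a: a == "write" and r["owner_vo"] in s["vos"]),
        ),
    ),
}

def decide(subject, resource, action):
    # Enforcement side: resolve the policy bound to the data and fail closed.
    policy = POLICIES.get(resource.get("policy_id"))
    if policy is None:
        return DENY  # data without a resolvable policy binding is never released
    return PERMIT if evaluate(policy, subject, resource, action) == PERMIT else DENY

# Constructed sample: metadata that travels with a dataset across domains.
SAMPLE = {"policy_id": "observation-policy", "type": "observation",
          "owner_vo": "climate-vo", "stage": "raw"}
```

Because the policy identifier travels with the data, a change of life-cycle stage changes the decision without touching the subject's VO membership.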
2.7.2 General Requirements for a Federated Access Control Infrastructure
To support both secure data processing and project-based collaboration of researchers, the future SDI should be supported by a corresponding
 