It may be necessary to make a resource available to different degrees in the case of different users. Examples of this are: (i) medical data containing personal information may need to be anonymised for one set of users, but not for (say) the patient’s own doctor(s); (ii) some parts of a thesis may be made available immediately, others only after a certain period has elapsed; (iii) a thesis may contain copyrighted material that cannot be made available, such as extracts of audio, sheet music or lyrics in a music thesis.
It may be required to hide datasets at different levels of granularity: hiding entire datasets, hiding rows, hiding columns. Some grid data management systems allow access control to be defined for individual rows, although this is harder for columns.
A number of project are looking at “marking up” data in some way to define what people can access: ASPiS and iREAD (investigating this in context of iRODS data grids); SPIDER (investigating creation of perimeters around certain subsets of data); AGAST (using RDF to define restrictions).
The metadata may also be subject to access control, both for humans and for machines, for example web crawler robots. EGEE projects such as AMGA can mark up metadata in this way . A special case of this is when even the knowledge that particular material exists is subject to restrictions, for example in the case of certain types of medical material. Consequently, access management needs to be applied to metadata as well as to the resources themselves, and must be taken into account when carrying out (federated) searches.