In modern networked computer systems, computing resources may be allocated dynamically based on business needs. The physical location of the resources can vary widely, and data is not necessarily stored on local data storage.
In such networked computer systems confidential computer information can be transferred widely. However, it is important to ensure that confidential information can only be accessed by suitable users, which may be determined geographically, by business function, or in many other ways.
Thus, some form of privacy management may be required.
However, as networked computer systems are increasingly based on dynamic processing assumptions privacy management based on static assumptions will no longer be adequate.
For example, EP 1 220 510 describes context aware computing. Devices and methods are provided that are context aware, in an example location aware, so that policies are evaluated as a function of context. EP 1 220 510 is particularly concerned with a way of encoding locations in a uniform way.
US 2003/0163431 describes a secure computing system for enforcing a secure handling and control chain.
Resource protection in distributed system is addressed in U.S. Pat. No. 6,658,573. The system use name resolution reducing direct access to a resource and controls the name resolution process for indirect access to a resource. An interception manager can prevent the resolution of some symbolic names in appropriate cases.
However, this approach only addresses the question of accessing resources not selecting resources to carry out tasks on a system with distributed processing and storage capacity and validating that those resources are authorised to carry out that processing.