Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.

Published byAaron Ford Modified over 10 years ago

Similar presentations

Presentation on theme: "Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007."— Presentation transcript:

1 Grid Security Policy GridPP18, Glasgow David Kelsey D.P.Kelsey@rl.ac.uk 21sr March 2007

2 Kelsey, Security Policy 2 21-Mar-07 Joint Security Policy Group Joint initially was EGEE and LCG –Strong participation by USA Open Science Grid Now Joint = EGEE/OSG/WLCG/NDGF + … Strong links to other security groups –Middleware Security Group –Operational Security Coordination Team –Grid Security Vulnerability Group –EU Grid PMA/IGTF

3 Kelsey, Security Policy 3 21-Mar-07 JSPG membership Application representatives/VO managers Site Security Officers Site/Resource Managers/Security Contacts Security middleware experts/developers CERN Deployment team Now expanded to include other EU Grid projects Other EU Infrastructure projects (may) use our policies –BalticGrid, EELA, EUMedGrid, EUChinaGrid, …

4 Kelsey, Security Policy 4 21-Mar-07 Interoperable Policies Aim to allow applications (VOs) to easily use resources in multiple Grids The simplest approach –Common Policies User AUP Site AUP VO AUP –If not common then at least not conflicting! EU eInfrastructure Reflection Group (eIRG) –EGEE inputs policy for consideration

5 Kelsey, Security Policy 5 21-Mar-07 Grid Security Policy Site & VO Policies Certification Authorities Audit Requirements Incident Response User Registration & VO Management Application Development & Network Admin Guide Grid & VO AUPs

6 Kelsey, Security Policy 6 21-Mar-07 Grid Security Policy New, revised document –Replaces very old LCG Security and Availability Policy –Simpler and more general –Useful to multiple Grids, not LCG-specific https://edms.cern.ch/document/428008/4 V5.4 (December 06) – EGEE milestone MSA1.7 Current draft (V5.5) from last weeks JSPG meeting –Will be distributed for wider comment soon V5.4 already approved by OSG A major simplification will be tackled during 2007

7 Kelsey, Security Policy 7 21-Mar-07 Grid Site Operations Policy Has to be signed by Sites during registration EGEE-II milestone MSA1.3 –https://edms.cern.ch/document/819783https://edms.cern.ch/document/819783 Lots of useful feedback received –Including CERN legal department Close to final –V1.3 agreed at last weeks JSPG meeting Signing will await approval of new top-level policy document –Covering document per Grid also required

8 Kelsey, Security Policy 8 21-Mar-07 Issues for GridPP Security policy in new GridPP Tier 2 MoU Sites say they cannot accept policy that allows others to change this without their approval –Existing GridPP Tier 2 MoU handled this Took snapshot of EGEE policies –Change requires approval of Tier 2 Board But the Grid has to be able to change policies! For EGEE, policy approval process involves full consultation and feedback with Sites –But once approved new policy applies to all

9 Kelsey, Security Policy 9 21-Mar-07 Accounting & Monitoring Data Policy VOs/Grid Ops require access to user-level logs –EU directives and national laws on processing personal data and privacy apply here Dave Kant presented the approach for Accounting yesterday Draft policy document available soon –Will cover accounting and monitoring data Data classification agreed last week (JSPG)

10 Kelsey, Security Policy 10 21-Mar-07 Informed User consent Grid AUP says…(accepted during registration with VO) Logged information, including information provided by you for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed to other organizations anywhere in the world for these purposes. Although efforts are made to maintain confidentiality, no guarantees are given So the User has given informed consent Together with a policy document on personal data management, should be enough to convince sites to allow access to the appropriate logs

11 Kelsey, Security Policy 11 21-Mar-07 Logged data classification Private –Contains sensitive personal data –Grid Operations does not create, store or handle such data Personal –Name, Institute, e-mail address, X.509 DN Non-public –To be kept confidential within site and/or VO Security considerations, confidentiality Public –World readable – no stipulations Grid needs to have policy for two in red –VOs and applications are responsible for their own data handling

12 Kelsey, Security Policy 12 21-Mar-07 EGEE security operations Operational Security Coordination Team –Romain Wartel (CERN) – Security Officer –Weekly operational rota –Security Service Challenges –New GridPP Security Officer Grid Security Vulnerability Group –Linda Cornwall (RAL) –Risk Assessment Team handles issues –Full responsible public disclosure now approved

13 Kelsey, Security Policy 13 21-Mar-07 IGTF International Grid Trust Federation –3 regional PMAs, including EU Grid PMA Number of classic CAs continues to grow –Africa now starting to join EU PMA New Authentication profiles –Short-Lived Cert Service (SLCS) SWITCH Shibboleth CA now approved –Member Integrated Cert Service (MICS) Close to agreement

14 Kelsey, Security Policy 14 21-Mar-07 JSPG future plans Approval of current draft documents New draft of Audit Policy VO Operations Policy –Signed by VO during registration Grid Service Operations Policy –Obligations of anyone running a Grid service, e.g. VObox In EGEE-III –Move towards EGI with national Grids –Scaling problems of one VO and many Grids –Work with NGIs, e.g. NGS and Grid Ireland

15 Kelsey, Security Policy 15 21-Mar-07 JSPG Meetings, Web etc Meetings - Agenda, presentations, minutes etc http://agenda.cern.ch/displayLevel.php?fid=68 JSPG Web site http://proj-lcg-security.web.cern.ch/ Policy documents at http://cern.ch/proj-lcg-security/documents.html

Download ppt "Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007."

Similar presentations

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK

LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK
Grid Security Policy David Kelsey (RAL) 1 July 2009 UK HEP SYSMAN Security workshop david.kelsey at stfc.ac.uk.

Grid Security Policy David Kelsey (RAL) 1 July 2009 UK HEP SYSMAN Security workshop david.kelsey at stfc.ac.uk.
Last update 01/06/2014 03:23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures https://edms.cern.ch/document/503198/

Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Security - the Grid View The Good, the Bad.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security - the Grid View The Good, the Bad.
Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.

Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group Summary EGI TF David Kelsey 6/28/2015 1.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005

Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.

JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.

Similar presentations

Ads by Google