EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop at NEC, Sankt Augustin, Germany, 8-9 th June 2006

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, SCG mandate The Security Coordination Group (SCG) is responsible for ensuring the overall EGEE security coordination, including -architecture, -operations, -deployment, -standardisation and -cross-project collaboration. The goal is to ensure the relationship between the various security related work items inside EGEE do not -adversely overlap (leading to duplication of effort) or -leave gaps that could be exploited.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, SCG involved groups EUGridPMA Joint Security Policy Group MiddleWare Security Group Policies Architecture gLite Security Trust anchor IGTF chair Grid Security Vulnerability Group Operational Security Coordination Team Operations

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, Members of SCG Ake Edlund  Security Head EGEE, Chair SCG Dave Kelsey  Chair Joint Security Policy Group (JSPG)  Security Head EGEE deputy Olle Mulmo  Chair Middleware Security Group (MWSG) David Groep  Chair EUGridPMA liaison (EUGridPMA) Linda Cornwall  Chair Grid Vulnerability Security Group (GSVG) Ian Neilson  Chair Security Operations Coordination Team (OSCT)

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, MWSG The MiddleWare Security Group Main Objective –Co-ordinate the evolving and deployed security architectures with other grid initiatives and standardization efforts Chairs –Ake Edlund (EGEE) –Bob Cowles (Open Science Grid) OSG Members –Core security representatives from EGEE, OSG, Fermilab (USA) and Stanford Linear Accelerator (USA) –Representatives from the Applications/Development Clusters in EGEE –Representatives from DILIGENT, SEEGRID and GRIDCC, DEISA, NAREGI, UINICORE

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, MWSG output so far Middleware security issues and release plans in EGEE –Security Architecture –gLite (EGEE software) Security Module work and release planning Main forum for integration of security into other gLite Middleware EGEE and OSG interoperability EGEE/OSG/Naregi Meeting Interoperability work in GGF

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, Ongoing and future work OSG, EGEE collaboration –GSI (Grid Security Infrastructure) /SSL Authentication –Authorization Attributes –Delegation –Proxy renewal –Authorization Policy statements –What is needed for auditing –What is needed for Accounting Service Specification –All service interfaces should have written specifications  Internal to service – documented with service  Internal to project – documented with project  Grid interoperation - GGF

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, MWSG meetings so far MWSG1, May 5-6 ‘04, Gap Analysis - “MWSG kick-off” MWSG2, June ‘04, gLite Release Plan MWSG3, Aug 25 ‘04, Security Architecture v1.0 MWSG4, Oct 15 ‘04, gLite development focus MWSG5, Feb ‘05, Workplan update MWSG at 3rd EGEE, EGEE/OSG/Naregi meeting MWSG6, Sept ‘05, OSG and EGEE formalizing the collaboration on security MWSG at 4th EGEE, April ‘05 MWSG7, Dec ‘05, New members, UNICORE presentation, Shib in EGEE MWSG8, March 7-8 ‘06, GSVG, glexec on WN, VO naming, TONIC MWSG9 at SLAC, June 5-6 ‘06, 1st OSG held MWSG meeting Meetings are a mix of presentations, updates of current status, technical discussions aiming at solving security issues and to produce decisions regarding the evolving security architecture. All presentations available from

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, Joint Security Policy Group The Joint Security Policy Group Creates/maintains security policy and procedures –For use in EGEE, Large Hadron Collider Grid (LCG) and elsewhere Strong participation by USA Open Science Grid Growing participation by other EU Grid projects –DEISA, Diligent, SEE-Grid, … –BalticGrid, EELA, EUMedGrid, EUChinaGrid Aim for short, simple, interoperable policy documents Membership includes –Site Security Officers –Site/Resource Managers/Security Contact –Security middleware experts/developer –Deployment experts –Application representatives/VO managers

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, EGEE/LCG Policy Security & Availability Policy Grid Acceptable Use Policy Certification Authorities Audit Requirements Incident Response User Registration & VO Management Application Development & Network Admin Guide picture from Ian Neilson VO Acceptable Use Policy

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, JSPG Meetings, Web etc Meetings - Agenda, presentations, minutes etc JSPG Web site Policy documents at All policy documents are currently being revised –To make simpler, more general and interoperable

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, EUGridPMA This is the EU Grid Policy Management Authority The International organisation to co-ordinate the trust fabric for e-Science Grid Authentication in Europe

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, Current SCG activity -In parallel with the overall SCG work, the SCG is to coordinate a new security auditing activity This activity will monitor both operations and middleware for security issues and report periodically on status and progress of the issues identified -The security audit will coordinate with the work done by the Grid Security Vulnerability Group -In addtion to the ongoing collaborations (see table below) we have industrial partners installing gLite internally, applying internal security audits reporting back to EGEE. E.g. CNAF (French Space Agency). -Current status: agreed plan due end on June; ongoing discussions with partners ActivityPartner Security audits, tools, policy documents review BARC - India Ethical hacking auditsPriceWaterhouseCoopers - Switzerland Additional input on middleware security, policy and organization Non-EGEE members in the joint security groups (MWSG, JSPG - mainly OSG input) Security Service Challenges testing the ability to operationally respond to incidents EGEE: Pal Anderssen (SA1) is coordinating the Security Service Challenges

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE Security Coordination Group, June 8-9, Links and events SCG related links –SCG web page: –SCG and MWSG meetings: –JSPG: –EGEE web page: –gLite web page: SCG related events in June 2006 –9th MWSG meeting, June 5-6, SLAC, USA –EGEE Workshop on Management of Rights in Production Grids at HPDC-15, June 19, Paris, France –SCG meeting on Security Auditing coordination, June