Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.


2 Overview
EGEE/WLCG Joint Security Policy Group
  – Interoperable policies
Overview of current JSPG policies
New policy framework for EGI era
EGI Security Policy Group
  – Proposed operation
21 Sep 2009 Kelsey, Security Policy

3 Policy Interoperability
Wherever possible, JSPG aims to
  – prepare simple and general policies
  – applicable to the primary stakeholders, but
  – also of use to other Grid infrastructures (NGIs etc)
The adoption of common policies by multiple Grids eases the problems of interoperability (and scaling)
Users, VOs and Sites all accept the same policies during their (single) registration (with Grid or VO)
Other participants then know that their actions are already bound by the policies
  – No need for additional negotiation, registration or agreement

4 Overview of current JSPG Policies

5 JSPG Security Policies
Security Policy
Site & VO Policies
Certification Authorities
Traceability and Logging
Security Incident Response
Accounting Data Privacy
Pilot Jobs and VO Portals
Grid & VO AUPs

6 Recent JSPG work
Five recently approved and adopted policies
  – Virtual Organisation Registration Security Policy
  – Virtual Organisation Membership Management Policy
  – Grid Policy on the Handling of User-Level Job Accounting Data
  – VO Portal Policy
  – Security Incident Response Policy

7 Ongoing revisions
Site Registration Security Policy
  – Remove EGEE-specific procedures
  – Use same simple style as the VO Registration Security Policy
Grid AUP
  – Some Grids use it but have modified our text
  – Some infrastructures do not have VOs
  – Revise to include these modifications

8 From EGEE to EGI

9 Problems with current Policies
Many different documents
  – Overlaps and inconsistencies
Includes operational issues as well as security-related issues
Participants find it difficult to know which policy applies to them
Many policies are rather EGEE-specific

10 New policy framework for EGI
A framework to enable interoperation of collaborating Grids
  – aimed at managing cross-Grid operational security risks
Identify policy components to help trust building between Grids
Not imposing a single policy for all
  – But Grids can use JSPG policies if they wish
Present the current set of JSPG policies
  – Taking high-level view to identify those components which are necessary
Other components are either too EGEE-specific or are operational rather than related to security – separate them
Each Grid will have security policies consisting of the framework components and their own Grid-specific components

11 Framework (2)
Specifies the issues that need to be addressed in a Grid's security policy
At this stage does not define minimum standards or requirements
  – Standards (may) come later
Aimed at Grids preparing or revising security policies, not at end users, sites, application communities etc.
As an aside... we found it very useful to have been through the whole JSPG "experience" to identify those issues which need to be addressed!

Policy Framework: Participants
Infrastructure includes: Grid Operations, Security Officer, Sec Operations
Users includes: Grid users, VOs, Application Communities
Providers includes: Grid Sites, Resource Providers, Service Providers, e.g. VO running services

Policy Components
Infrastructure includes: Incident Response, Vulnerability Handling, Patching, Data protection, Registration, etc
Users includes: AUP, Traceability, VO Management, Data protection, Incident response, Data protection, Registration, etc
Providers includes: Traceability, Incident Response, Access control, Registration, etc

Policy Framework: Functions
Incident Response, Traceability, Data Protection, Registration, etc.
We have considered and deliberately excluded: IPR, liability, software licensing, copyright.

Security Policy Framework
Participants: Infrastructure, Users, Providers
Functions: Incident Response, Traceability, Data Protection, etc.
Policy Components (numbered) at matrix intersections

16 An example component: Security Incident Response
Infrastructure (component #1)
  – Contact details to report incidents
  – Incident response procedure for Sites
  – Ensure they are quickly investigated
  – Collaborate with other Grids & NREN CSIRTs
Users & Providers (component #2 and #3)
  – Must participate in Incident Response
  – Must keep audit logs

17 Framework – Next steps
During next few months
  – JSPG will finalise the draft framework
  – Ensure nothing is missing
Then before end of EGEE-III
  – Create generic description of the policy components
In EGI first year
  – Consult many more stakeholders and tune framework
Beyond EGI year one
  – Work on minimum policy standards and common wording

18 Security Policy Group
SPG – initial plans (feedback very welcome!)
  – Development and maintenance of security policies
  – Advice on any security policy issue
  – Primary stakeholders: NGIs, Sites, Application communities and include other infrastructures for interoperation
  – Build on JSPG work

19 EGI SPG (2)
Membership: NGI reps, Sites, VOs, middleware, security ops
Participate in EUGridPMA, IGTF, OGF, TERENA federations, Middleware etc policy discussions
Small editorial team to prepare policies
  – Meet face to face
Full consultation by (all stakeholders)
Annual face to face meeting if possible
Coordination with other security activities and informing everyone are both important

20 JSPG Meetings, Web etc
Meetings - Agenda, presentations, minutes etc
JSPG Web sites and
Membership of the JSPG mail list is closed, BUT
  – Volunteers to work with us are always welcome!
Policy documents at andhttp:// security/documents.html

21 Where are JSPG security policies?
http://proj-lcg-security.web.cern.ch/proj-lcg-security/documents.html

Discussion