JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009

31 Mar 09Kelsey, MWSG Zurich2 JSPG Joint Security Policy Group Prepares and maintains security policy –For EGEE –For WLCG Policies approved and adopted by Grid management Aim for general common policies useable by many Grids (OSG, NDGF, DEISA, Other EU Grids,…) –OSG has played key role here, e.g. Grid AUP Tackle scaling problems of large numbers of sites, and large number of VOs –Single policy applies to VO (at ALL sites)

Aims of Policy Written documents agreed to by all participants (in some cases “signed”) –Users, VOs, Sites, Operations, Security,… This policy gives authority for actions which may be carried out by certain individuals and bodies and places responsibilities on all participants. 31 Mar 09Kelsey, MWSG Zurich3

Interoperability User registers (once) with his/her VO –Must accept Grid AUP Sites willing to delegate registration to VO knowing that VO procedures must follow same VO policy –And that User will have accepted AUP Aim for simple, general and interoperable policies of use to many Grids Common policies –To allow VOs to easily use resources in multiple Grids as move to EGI, for example 31 Mar 09Kelsey, MWSG Zurich4

Security Policy Site & VO Policies Certification Authorities Traceability and Logging Security Incident Response Accounting Data Privacy Pilot Jobs and VO Portals Grid & VO AUPs 5Kelsey JSPG

2008 approved policies 4 approved policies –EGEE TMB meetings in Aug/Sep 2008 Approval of Certification Authorities Traceability and Logging VO Operations Multi User Pilot Jobs 6Kelsey JSPG

Current work 31 Mar 09Kelsey, MWSG Zurich7

Two draft VO Policies Virtual Organisation Registration Security Policy –Version 2.3, 22 Jan 2009 Virtual Organisation Membership Management Policy –Version 3.4, 22 Jan 2009 Clear responsibilities on VO managers –Sites delegate user registration to the VOs procedures must be of appropriate quality –E.g. VO managers must assist in incident response. 11 Mar 2009JSPG - D Kelsey8

User Level Job Accounting Grid Policy on the Handling of User-Level Job Accounting Data (Draft Policy) V0.7, 23 Jan Level_Job_Accounting_Data This document presents the minimum requirements and policy framework for the handling of user-level accounting data created, stored, transmitted, processed and analysed as a result of the execution of jobs on the Grid. 11 Mar 2009JSPG - D Kelsey9

VO Portal Policy New (draft) policy document –Based on Dutch BiG Grid policy –Ideas from the EGEE working group on portals V3.0, 23 Jan Mar 2009JSPG - D Kelsey10

Portals Policy applies to all Portals operated by Virtual Organisations that participate in the Grid infrastructure Defines 4 classes of web portals and 4 classes of User Some general policy plus class dependent statements Addresses private key protection and requires use of Robot certificates in some cases Robot: a software agent performing automatic functions on behalf of real person Robot certificate: Issued to a Robot with private key generated and stored on a secure hardware token (at least FIPS 140-1/2 level 2) 11 Mar 2009JSPG - D Kelsey11

Portal users Four classes of portal users: Anonymous –No unique credentials provided Pseudonymous –Human providing authenticated but non-identifying information to the Portal Identified –Authenticated personal information but not compatible or equivalent to Grid AuthN Strongly Identified –Portal can authenticate to Grid resources with valid Grid credentials belonging to the user 11 Mar 2009JSPG - D Kelsey12

Portal Classes 11 Mar 2009JSPG - D Kelsey13 Portal ClassExecutableParametersInput Simple one click Provided by portal ParameterProvided by portal Choose from limited set Choose from repository vetted by portal Data processing Provided by portal Choose from limited set Provided by user Job management Provided by user

Portal – General policy All portals must comply with VO Operations Policy VO, Portal and Portal manager all held responsible and accountable –Except where user is Strongly Indentified Must –Keep audit logs –Manager/operators must assist in incident response –Be capable of rate limiting job submissions Private keys (proxy or otherwise) –Must not be transferred across network (even if encrypted) –Must not store private keys on behalf of users if these can be used for Grid AuthN after > 1M seconds Data can only be stored in locations agreed between Portal and Resources and only as long as user is associated with portal If user Grid credential used then data may be stored anywhere user has permission 11 Mar 2009JSPG - D Kelsey14

Class specific portal policy See document The more tightly controlled the executable, input and parameters –The fewer requirements there are on quality of user identity management 31 Mar 09Kelsey, MWSG Zurich15

11 Mar 2009JSPG - D Kelsey16 Future JSPG plans Next face to face JSPG meeting is 14/15 May 2009 at CERN Complete Accounting and VO portals policies Revise the Grid User AUP –Some Grids use but have modified our text –Explore why and standardise where possible DEISA, TeraGrid, Australia, EU infrastructures, national Grids, … Revise security incident response policy Revise whole policy set (yet) again in next 12 months –More simple, general and consistent –More applicable to EGI world –Broaden the membership – include more NGIs and other Grids

11 Mar 2009JSPG - D Kelsey17 JSPG Meetings, Web etc Meetings - Agenda, presentations, minutes etc JSPG Web sites and Membership of the JSPG mail list is closed, BUT –Volunteers to work with us are always welcome! Policy documents at andhttp:// security/documents.html