Security Policy Update WLCG GDB CERN, 8 Dec 2010 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk

Overview Security Policy work in EGI WLCG Security meeting at FNAL (8 Nov 2010) 8 Dec 20102Sec Policy - D Kelsey

EGI SPG Terms of Reference See... SPG Purpose and Responsibilities Develop and maintain Security Policy –For use by EGI and NGIs –Defines expected behaviour of NGIs, Sites, Users and others –To facilitate the operation of a secure and trustworthy DCI 8 Dec 20103Sec Policy - D Kelsey

Terms of Ref (2) Where possible SPG should prepare simple and general policies –Of use to other Grids and DCIs (global) –Adoption of common policies eases interoperability SPG does not formally approve policy –EGI.eu Executive Board –And management bodies of NGIs 8 Dec 20104Sec Policy - D Kelsey

Terms of Ref (3) SPG Membership Each NGI and EIRO member of EGI.eu is entitled to appoint one voting member In addition, SPG should aim to include expertise in its deliberations from other stakeholders –Site security officers, Site sys admins, operations experts, middleware experts, VRCs, other DCIs... –These are determined by Chair in consultation with EGI management 8 Dec 20105Sec Policy - D Kelsey

ToR (4) SPG Meetings As often as the work requires At least twice per year –Once during Technical Forum Face to face or phone/video –Face to face at least once per year To define future plans and discuss policy Editorial sub-groups created as required to work on policy documents –Leader of this to decide how this meets 8 Dec 20106Sec Policy - D Kelsey

SPG Procedures To produce a new/revised policy (EGI-InSPIRE MS209) Tasks: –Write internal draft (editorial team) –Discuss within SPG –Prepared updated external draft –Consult stakeholders –Prepare updated final call draft –SPG agrees version for approval –Policy approval 8 Dec 20107Sec Policy - D Kelsey

Consultation Important to consult widely and take all feedback into account SPG will distribute external draft for comment to: –SPG itself (members to distribute on) –EGI-CSIRT –VRC contacts –NGI contacts (NGI distributes to Sites) Or should we distibute to all Security Contacts –All EGI Boards 8 Dec 20108Sec Policy - D Kelsey

WLCG Security Meeting FNAL 8 Nov 2010 OSG and EGI Agenda –Update to Grid AUP –JSPG evolution in the post-EGEE era –New security policy framework - standards for collaborating Grids, e.g. OSG, TeraGrid and EGI –Security Incident Response standards in the new framework. 8 Dec 2010Sec Policy - D Kelsey9

More details Grid (User) AUP –New version EGEE/WLCG in April/May 2010 – –OSG will consider adopting this not just for WLCG users JSPG evolution –Presented the status and plans of EGI SPG 8 Dec 2010Sec Policy - D Kelsey10

Details (2) For global collaboration on security policies –Work towards a framework of standards JSPG used to be good location for this work –EGI SPG is more EGI-focussed Start with WLCG work on Incident Response Policy standards –Work will start early in 2011 More general collaboration via the Infrastructure Policy Group (meets at OGF meetings) s.ipg/wiki/HomePagehttp://forge.gridforum.org/sf/wiki/do/viewPage/project s.ipg/wiki/HomePage 8 Dec 2010Sec Policy - D Kelsey11