1. JRA3 Introduction Åke Edlund EGEE Security Head
EGEE First Conference, Cork, April 19, 2004
JRA3 Introduction Åke Edlund EGEE Security Head
EGEE is a project funded by the European Union under contract IST
Cork

2. Contents Objectives Milestones Work Breakdown Structure (WBS)
Execution plan
Effort summary
Resource Indicators
Relations to other activities
Initial Risks Assessment
Summary
Cork

3. Objectives JRA3 Overview
EGEE will construct an integrated and scalable infrastructure that will facilitate various types of applications and access patterns, ranging from single transactions to long-lived batch jobs.
Security must be included in the architecture from the start, and not inserted at a later point.
Security considerations must be present in all activities.
The JRA3 security group will define a Security Framework and Architecture and a set of high-level policies that will act as guidance to the other activities. This will ensure consistency and provides one of the more visible value-adding services of the Grid: transparent security and single sign-on.
The security architecture will be based on requirements from both Grid users and suppliers. JRA3 will assist in defining and validating the EGEE security architecture in line with these requirements.
Cork

4. Objectives JRA3 Overview (cont.)
To date, the following areas have been identified as being on the critical
path for large-scale deployment:
Basic Security Policy and Incident Response
CA Trust Establishment and Policy Management
VO Definition, Rights Delegation, and Scalability
OGSA Web Services Security and site service access, control and auditing
Site Usage Control and Budgeting
Secure Credential Storage
Cork

5. The tasks of this activity have one common goal:
Objectives
Scope of the work
The tasks of this activity have one common goal:
Enabling the deployment of production- quality Grid that includes resources and applications that are security-conscious and handle sensitive information.
Cork

6. Milestones
Cork

7. Work Breakdown Structure (WBS)
Cork

8. Execution plan - JRA Overview - GANTT
Cork

9. Execution plan - Overview
The execution plan for the initial period of 9 months:
Project start: To ensure a quick start-up phase, almost all staffing was in place by the start of the project. Also, the initial plans were well advanced at the start of the project.
PM3: the first two milestones are at the end of project month 3: first, a completed users requirements survey will help to further refine the distribution of effort over action lines; and second, the set up of the Policy Management Authority (PMA) for European CAs. The PMA will also liaison with non-European CAs as necessary.
PM6: at the end of project month 6, two more milestones have been met and the first deliverable is completed. The first milestone is a manual with initial recommendations for OGSA SEC services reengineering. The second is a document for security operational procedures and incident handling and a common Grid incident format. The deliverable is the initial Global security architecture document.
Cork

10. Execution plan - Tasks Task 1: User requirements survey
Liaise with European bodies for authentication and PKI
Identify user communities and contact people
Acquire background information on EDG security architecture
Collect and sort security requirements
Perform user survey
Identify authorization requirements
Task 2: Setup of the PMA for European CAs
Write and adopt the EUGridPMA Charter
Operating and sustaining the EUGridPMA
Task 3: OGSA security reengineering recommendations
Liaise with other activities of EGEE such as the Architecture
Requirements collection and categorization
AuthZ and AuthN infrastructure
GGF connection (OASIS+WS)
Cork

11. Execution plan - Tasks (cont.)
Task 4: Global Security Architecture
Security Architecture workshop
Participate in work on Global Architecture
Security Architecture document
Task 5: Security operational procedures
Inventory of incident reporting practices and report formats
Definition of a common incident report format
Task 6: Secure Credential Storage procedures
Task 7: Site access control architecture
Prototyping and refactoring of site access tools for architecture development
Describe site access control architecture in documentation
Cork

12. Execution plan - Recurring Tasks
Recurrent tasks
Support of existing tools and software
Support of new software
Operation of the EUGridPMA
Quality Assurance
Cork

13. Effort summary
Cork

14. Effort summary
Cork

15. Relations to other activities, e.g. JRA1
Cork

16. Initial Risks Assessment
Cork

17. Summary
EGEE Security will enable the deployment of production-quality Grid that includes resources and applications that are security-conscious and handle sensitive information.
The project has started successfully with the intended “hit the ground running” approach.
A number of risks has been identified and are to be discussed during the this kickoff.
Identified collaborations with other activities has been initiated.
(Next slide, LCG Sevice Time-line. Our first application.)
Cork

18. LCG Service Time-line computing service physics
2003
2004
2005
2006
2007
open LCG-1 (achieved) – 15 Sept
Testing, with simulated event productions
LCG-2 - upgraded middleware, mgt. and ops tools
principal service for LHC data challenges
Second generation EGEE middleware prototyping, development
Computing models
LCG-3 – second generation EGEE middleware
validation of computing models
Phase 2 service acquisition, installation, commissioning
TDR* for the Phase 2 grid
Phase 2 service in production
experiment setup & preparation
first data
* TDR – technical design report
Cork