Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

Published byMelinda Evans Modified over 6 years ago

Similar presentations

Presentation on theme: "David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016"— Presentation transcript:

1 David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016
WISE SCIV2-WG David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

2 Overview A short history of the SCI group WISE SCIV2-WG
The Version 1 document WISE SCIV2-WG Aims Workplan Next steps 18July16 SCIV2-WG,

3 David Kelsey (STFC-RAL, UK)
A Trust Framework for Security Collaboration among Infrastructures (SCI Version 1) David Kelsey (STFC-RAL, UK)

4 Authors of the 1st SCI paper
K. Chadwick (FNAL) I. Gaines (FNAL) D. Groep (Nikhef) U. Kaila (CSC) C. Kanellopoulos (GRNET) D. Kelsey (STFC) J. Marsteller (PSC) R. Niederberger (FZ-Juelich) V. Ribaillier (IDRIS) R. Wartel (CERN) W. Weisz (University of Vienna) J. Wolfrat (SURFsara) 18July16 SCIV2-WG,

5 Early days of Grid Security Policy
Joint (WLCG/EGEE) Security Policy Group (JSPG) In 2005 EGEE, OSG, WLCG agreed a common version of the Grid Acceptable Use Policy Accepted by all users during registration with a VO And used by many other (Grid) Infrastructures EGI and WLCG in general continue to use the same Security Policies Often not easy to agree on identical policy words 18July16 SCIV2-WG,

6 Build a new Trust Framework
Several large-scale production e-Infrastructures Grids, Clouds, HPC, HTC, … Each has their own resources, users, policies and procedures BUT subject to many common security threats Common technologies Common users (spreading infections) Security incidents can spread rapidly Need to share information and work together on security operations 18July16 SCIV2-WG,

7 Security for Collaborating Infrastructures (SCI)
A collaborative activity of information security officers from large-scale infrastructures EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, HBP… Developed a Trust framework Enable interoperation (security teams) Manage cross-infrastructure security risks Develop policy standards Especially where not able to share identical security policies 18July16 SCIV2-WG,

8 SCI Document – V1 Proceedings of the ISGC 2013 conference
The document defines a series of numbered requirements in 6 areas 18July16 SCIV2-WG,

9 SCI: areas addressed Operational Security Incident Response
Traceability Participant Responsibilities Individual users Collections of users Resource providers, service operators Legal issues and Management procedures Protection and processing of Personal Data/Personally Identifiable Information 18July16 SCIV2-WG,

10 SCI Assessment To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations According to following levels Level 0: Function/feature not implemented Level 1: Function/feature exists, is operationally implemented but not documented Level 2: … and comprehensively documented Level 3: … and reviewed by independent external body 18July16 SCIV2-WG,

11 Further info Security for Collaborating Infrastructures SCI meetings
SCI meetings Sirtfi – Started from SCI V1 18July16 SCIV2-WG,

12 Now to the WISE SCIV2-WG 18July16 SCIV2-WG,

13 SCIV2-WG Aims Work towards a Version 2 document
Involve wider range of stakeholders GEANT, NRENS, Identity federations, … Address conflicts in version 1 for new stakeholders Add new topics/areas if needed Give guidance on the assessment of infrastructures against the SCI requirements We are not an operational security/trust group Not compete with other op sec trust activities But will seek feedback from such groups on our work 18July16 SCIV2-WG,

14 SCIV2-WG Workplan Self-assessments against Sections 4 (Operational Security) and 5 (Incident Response) in SCI version 1 To decide what guidance is needed and what words need to be changed. (completed) Produce draft guidelines for sections 4 and 5. all topics considered and questions discussed (see wiki) Tune words of sections 4 and 5. (before WISE3 at DI4R) And write the guidance for those sections Move on to other sections. (after WISE3 at DI4R) Aim for version 2 of the SCI document by the 12-month anniversary of the group (May 2017) After version 2 produced consider re-merging text with Sirtfi and Snctfi work (AARC and REFEDS) 18July16 SCIV2-WG,

15 Meetings & Next steps To date we have held 4 one-hour meetings
All by video conference Work also can be done via the group mail list Next meeting early/mid September (tbd) Work during August and September will concentrate on tuning the words of sections 4 and 5. And to write the guidance for those sections Drafts of both of these for WISE3 at DI4R 27 Sep 2016 in Krakow, Poland 18July16 SCIV2-WG,

16 Final words We have plenty of room for more people in the working group Please volunteer Contact one of the two chairs (David Kelsey, Adam Slagell) Join the WG mail list 18July16 SCIV2-WG,

17 Questions? 18July16 SCIV2-WG,

Download ppt "David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016"

Similar presentations

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group Summary EGI TF David Kelsey 6/28/2015 1.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL

Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK

9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,

15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK

9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Similar presentations

Ads by Google