Presentation is loading. Please wait.

Presentation is loading. Please wait.

WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019.

Published byClarence Baldwin Modified over 4 years ago

Similar presentations

Presentation on theme: "WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019."— Presentation transcript:

1 WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019

2 Contents The WISE community
Security for Collaborating Infrastructures (SCI) AARC2 Policy Development Kit AARC2/WISE Baseline AUP Kelsey/WISE/SCI Trust Framework 11 Feb 2019

3 The WISE Community & Security for Collaborating Infrastructures (SCI)
Note: WISE has several different activities – not just SCI For example Risk Assessment working group has published draft risk assessment spreadsheets for use by others, see The WISE Community & Security for Collaborating Infrastructures (SCI) The SCI activity was a co-founder, together with TERENA/GEANT SIG-ISM (2015) More details on SCI: Trusted CI Webinar – D Kelsey (24 Sep 2018) Next WISE Community meeting – Kaunas, Lithuania, April 2019 – all welcome! Kelsey/WISE/SCI Trust Framework 11 Feb 2019

4 WISE meetings (Oct 2015, Feb & Aug 2018) – others not shown!
Barcelona, Spain Abingdon, UK Alexandria, VA, USA Kelsey/WISE/SCI Trust Framework 11 Feb 2019

5 Security for Collaborating Infrastructures (SCI)
A collaborative activity of information security officers from large- scale infrastructures EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, … Grew out of JSPG(EGEE/EGI/WLCG) and IGTF – from the ground up ( ) We developed a Trust framework Enable interoperation (security teams) Manage cross-infrastructure security risks Develop policy standards Especially where not able to share identical security policies Kelsey/WISE/SCI Trust Framework 11 Feb 2019

6 SCI version 1 (2013) - children
Both separate derivatives of SCI version 1 REFEDS Sirtfi - The Security Incident Response Trust Framework for Federated Identity requirement in FIM4R version 1 paper AARC/IGTF Snctfi – The Scalable Negotiator for a Community Trust Framework in Federated Infrastructures For scalable policy – Research Services behind a SP/IdP proxy Kelsey/WISE/SCI Trust Framework 11 Feb 2019

7 WISE SCI Version 2 Aims SCI Version 2 was published on 31 May 2017
Involve wider range of stakeholders GEANT, NRENS, Identity federations, … Address any conflicts in version 1 for new stakeholders Add new topics/areas if needed (and indeed remove topics) Revise all wording of requirements Simplify! SCI Version 2 was published on 31 May 2017 Kelsey/WISE/SCI Trust Framework 11 Feb 2019

8 SCI Version 2 – published 31 May 2017
Kelsey/WISE/SCI Trust Framework 11 Feb 2019

9 Endorsement of SCI Version 2 at TNC17 (Linz)
1st June 2017 Infrastructures endorse the governing principles and approach of SCI, as produced by WISE, as a medium of building trust between infrastructures, to facilitate the exchange of security information in the event of a cross-infrastructure incident, and the collaboration of e-Infrastructures to support the process. These Infrastructures welcome the development of an information security community for the Infrastructures, and underline that the present activities by the research and e-Infrastructures should be continued and reinforced Endorsements have been received from the following infrastructures; EGI, EUDAT, GEANT, GridPP, MYREN, PRACE, SURF, WLCG, XSEDE, HBP infrastructures.aspx Kelsey/WISE/SCI Trust Framework 11 Feb 2019

10 SCI–WG in 2018/19 (Nearly) complete
Joint work AARC2/EOSC-hub on Policy Development Kit Produce WISE Baseline AUP v1.0 (Prepared by AARC2) Work in progress Maturity (self) Assessments against SCI v2 Assessment spreadsheet/FAQ/Guidelines – how to satisfy SCI V2? Kelsey/WISE/SCI Trust Framework 11 Feb 2019

11 AARC2 (Uros Stevanovic & NA3 policy team) Policy development kit
Establishing an Infrastructure (or Community) requires clear rules for security, membership management, data protection, etc. Rules  Policies Policies provide: Trust Manage and govern Infrastructure Legal compliance AARC (and WISE) providing templates, instructions, trainings

12 Which policies? SCI paper (A Trust Framework for Security Collaboration among Infrastructures) SNCTFI (Scalable Negotiator for a Community Trust Framework in Federated Infrastructures) Top level policy Operational Security Membership management Data protection Consider current best practices (EGI, CERN, ELIXIR, TrustedCI, etc.) Policies start from EGI versions Some other policies (Infrastructure-related) will need to be handled by WISE/EOSC-hub

13 Slides of Ian Neilson - A common AUP - motivation
To make a recommendation for the content of an Acceptable Use Policy (AUP) to act as a baseline policy (or template) for adoption by research communities To facilitate - a more rapid community infrastructure ‘bootstrap’ ease the trust of users across infrastructures provide a consistent and more understandable enrolment for users. Adoption of a policy preferred to template

14 2018 study of existing AUPs AARC2 NA3 policy (Ian Neilson)
For details see: Looked at AUPs from 11 infrastructures Then considered clause by clause in a spreadsheet: xHQxfxM/edit#gid= Kelsey/WISE/SCI Trust Framework 11 Feb 2019

15 How will this Baseline AUP used?
Forms part of the information shown to a user during registration with his/her community AUP provides information on expected behaviour and restrictions "baseline" text can, optionally, be augmented with additional, community or infrastructure specific, clauses as required, but the numbered clauses should not be changed The registration point where the user is presented with the AUP may be operated directly by the user's research community or by a third party on the community's behalf Other information shown to user during registration Privacy Notice - information about the processing of their personal data together with their rights under law regarding this processing Service Level Agreements - information about what the user can expect from the service in terms of quality such as reliability and availability (Optional) Terms of Service Kelsey/WISE/SCI Trust Framework 11 Feb 2019

16 WISE Baseline Acceptable Use Policy & Conditions of Use
Has been sent to WISE steering committee for approval (n.b. consultation has ended) The 10 AUP policy statements are: You shall only use the Services in a manner consistent with the purposes and limitations described above; you shall show consideration towards other users including by not causing harm to the Services; you have an obligation to collaborate in the resolution of issues arising from your use of the Services. You shall only use the Services for lawful purposes and not breach, attempt to breach, nor circumvent administrative or security controls. You shall respect intellectual property and confidentiality agreements. You shall protect your access credentials (e.g. passwords, private keys or multi-factor tokens); no intentional sharing is permitted. You shall keep your registered information correct and up to date. You shall promptly report known or suspected security breaches, credential compromise, or misuse to the security contact stated below; and report any compromised credentials to the relevant issuing authorities. Reliance on the Services shall only be to the extent specified by any applicable service level agreements listed below. Use without such agreements is at your own risk. Your personal data will be processed in accordance with the privacy statements referenced below. Your use of the Services may be restricted or suspended, for administrative, operational, or security reasons, without prior notice and without compensation. If you violate these rules, you may be liable for the consequences, which may include your account being suspended and a report being made to your home organisation or to law enforcement.

17 Questions? And discussion …. Kelsey/WISE/SCI Trust Framework
11 Feb 2019

Download ppt "WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019."

Similar presentations

Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.

Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Moving Forward With the African Dialogue Cross-Border Principles By Mary Gurure Manager, Legal Services and Compliance COMESA Competition Commission Lilongwe,

Moving Forward With the African Dialogue Cross-Border Principles By Mary Gurure Manager, Legal Services and Compliance COMESA Competition Commission Lilongwe,
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.

Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
June 6, 2006OSG - Draft VO AUP1 Open Science Grid Trust as a Foundation June 6, 2006 Keith Chadwick.

June 6, 2006OSG - Draft VO AUP1 Open Science Grid Trust as a Foundation June 6, 2006 Keith Chadwick.
Additional Services: Security and IPv6 David Kelsey STFC-RAL.

Additional Services: Security and IPv6 David Kelsey STFC-RAL.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI SPG future work EGI Technical Forum Lyon, 21 Sep 2011 David Kelsey, STFC/RAL.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI SPG future work EGI Technical Forum Lyon, 21 Sep 2011 David Kelsey, STFC/RAL.

Similar presentations

Ads by Google