80 likes | 342 Vues
Joint Security Policy Group EGEE 2 nd Project Conference Den Haag, 25 November 2004. David Kelsey CCLRC/RAL, UK d.p.kelsey@rl.ac.uk. Joint (EGEE/LCG) Security Policy Group (JSPG). Mandate
E N D
Joint Security Policy GroupEGEE 2nd Project ConferenceDen Haag, 25 November 2004 David KelseyCCLRC/RAL, UKd.p.kelsey@rl.ac.uk
Joint (EGEE/LCG) Security Policy Group (JSPG) Mandate • To advise and make recommendations to the Grid Deployment Manager, (EGEE ROC Managers), LCG GDB on all matters related to Security • Policies are agreed and adopted by LCG GDB & PEB’s • To produce and maintain • Policies and procedures on Registration, Authentication, Authorization and Security • Where necessary recommend the creation of focussed task-forces made-up of appropriate experts • Task force on LCG User Registration • EGEE Operational Security Coordination Team With strong links to • EGEE JRA3/MWSG • Open Science Grid David Kelsey, JSPG & Security Policy
JSPG (active) membership • Application representatives/VO managers • Joel Closier (LHCb), Anders Waananen (ATLAS) • Vacancies for other applications/VOs • Site Security Officers • Bob Cowles (SLAC), Denise Heagerty (CERN), Dane Skow (FNAL) • Bob and Dane also represent Grid3/Open Science Grid • Site/Resource Managers • Dave Kelsey (RAL) – Chair • Vacancies • Security middleware experts/developers • Joni Hahkala (JRA3), David Groep (JRA3), Andrew McNab (GridPP) • CERN Deployment team • Maria Dimou, Ian Neilson (Security Officer) David Kelsey, JSPG & Security Policy
JSPG Meetings, Web etc • Agenda, presentations, minutes etc http://agenda.cern.ch/displayLevel.php?fid=68 • JSPG Web site http://proj-lcg-security.web.cern.ch/ • Meetings • Started in April 2003 • Meet monthly • phone conference and face to face • Report to the monthly LCG GDB meetings http://agenda.cern.ch/displayLevel.php?fid=3l181 • Now need to include EGEE ROCs-CICs David Kelsey, JSPG & Security Policy
EGEE/LCG Policy GOC Guides picture from Ian Neilson Incident Response Certification Authorities Audit Requirements Usage Rules Security & Availability Policy Application Development & Network Admin Guide User Registration & VO Management http://cern.ch/proj-lcg-security/documents.html David Kelsey, JSPG & Security Policy
Reminder – current policy • Audit Requirements See https://edms.cern.ch/document/428037/ • Every site must keep logs • for at least 90 days • Need to be preserved over system re-installs • Also requirements for accounting • Agreement on Incident Response See https://edms.cern.ch/document/428035/ See this afternoon’s discussions… David Kelsey, JSPG & Security Policy
Work in progress • All policy documents need revision • First versions still mention “LCG-1” • Currently working on • User Registration • Site Registration • VO Registration • User Rules/Acceptable Use Policy • May need to remove some • e.g. SLA, Self Audit? • Wherever possible make policy general • “Grid” not “EGEE” • Offer to other projects • And input to EU eIRG activities • We will revisit the Risk Analysis and Risk Management • And prioritise efforts on the basis of this David Kelsey, JSPG & Security Policy
Final words • We have some vacancies • RC’s, ROC’s, other VO’s • Volunteers very welcome! • We need good discussion and feedback • Policy needs to be agreed and accepted by all • JSPG mail list is closed • but may request to join • Suggestions always welcome David Kelsey, JSPG & Security Policy