90 likes | 208 Vues
Activities this trimester. 0.5 revision of Operational Security Plan Independently (from GPO) developing a clearinghouse concept Merging terminology and ideas with Aaron’s very similar formulation of a CH Drafting initial clearinghouse policy/plans/agreement. Operation Security Plan.
E N D
Activities this trimester • 0.5 revision of Operational Security Plan • Independently (from GPO) developing a clearinghouse concept • Merging terminology and ideas with Aaron’s very similar formulation of a CH • Drafting initial clearinghouse policy/plans/agreement INSERT PROJECT REVIEW DATE
Operation Security Plan • The goals (for inter-aggregate issues) • (1) recommend structure of an incident response team, • (2) set forth the basic processes for incident response, • (3) recommend actions to mitigate perceived risks. • Document is a bit ahead of its time • Needs funds to implement & governance to direct its execution • Prioritization of threat mitigations in the final section is relevant now, though. • Could guide funding of future projects & feedback is desired INSERT PROJECT REVIEW DATE
Clearinghouse agreement or policy? • Less of an agreement between parties, more of a policy or directive for how CH will be operated • Depends heavily uponconcept of clearinghouse and federation as proposed here by GPO • Just as the CH is a trusted root, this document meant to be root for other policies or agreements • So Aggregate Provider Agreement is between AAs and clearinghouse (similarly for IdP agreements) • This creates a bridge between AAs, IdPs and users when there is a common set of policies and agreements associated with a common CH INSERT PROJECT REVIEW DATE
Clearinghouse policy format • Definition of clearinghouse • Terms a little out of date with Aaron’s • Description of federation actors and needed agreements • Both existing and needed future agreements • Definition of services provided by CH and QoS • Policies for clearinghouse ops. INSERT PROJECT REVIEW DATE
Needed GENI agreements/policies/plans • ✔Aggregate Provider Agreement • Needs terminology update, but pretty much done. • ✗Identity Provider Agreements • Will need with InCommon, PL, Emulab, etc • ✗Slice Registry Agreements • Might be rolled into IdPagreements? • ✗Project Leader Agreement • ✗Federation Charter • describe the governance structure of GENI and references all the federation agreements/policies INSERT PROJECT REVIEW DATE
Needed GENI agreements/policies/plans • ✗Acceptable Use Policy • Base off of RUP, include opt-in user treatment • ✓Legal, Law Enforcement & Regulatory Plan • Needs a little updating of terminology • Clearinghouse Policy • Several questions still to answer, some must wait till implementation details emerge • Incident Response Plan • Next evolution of the operational security plan. • Loosely based off Open Science Grid • ✗ Certificate Authority Operational Policy • For any service issuing credentials INSERT PROJECT REVIEW DATE
Clearinghouse services • Project registration/creation • Principal registration and revocation • Slice creation, registration & revocation • Resource discovery • Federation resource policy verification • E.g., does a grad student have more resources than some set limit? • Remember, aggregates still make the decision to grant resource requests, but some may only take requests proxied through the clearinghouse which verifies policy INSERT PROJECT REVIEW DATE
Clearinghouse policies covered • Governance, from where does clearinghouse receive its directives and mission • Responsibilities CH has to GENI community • Conflict Resolution Process • E.g., an aggregate or other actor complains that an another aggregate has violated the agreement • Privacy policy for all info collected by CH • User attributes collected from IdPs • Data collected from aggregates • Need to know what allocations were actually granted • Certificate Authority policies INSERT PROJECT REVIEW DATE
CH Policy feedback needed • What resource allocation policies might we have • Determines which attributes must be collected • If a slice was created elsewhere and registered at the clearinghouse, who can determine who has been given rights to act on a slice • Will the architecture allow us to determine anything other than the slice owner and project leader? • Do the definitions of 3 project sizes make sense? • What about the turnaround time for creating projects? • Do we need a committee to vet large projects? • And just general feedback please INSERT PROJECT REVIEW DATE