
Security Area in GridPP2


reginaldk


  1. Security Area in GridPP2
     • “Proforma-2 posts” overview
     • Deliverables
     • Local Access
     • Local Usage
     • VO Tools
     • Security co-ordination
     • Tier 2 VO and Security posts
     • Future LCG/EGEE Security Work
     • Dissemination

  2. GridPP 2 Posts
     • 1.0 for Local Access Control (Manchester)
     • GACL and GridSite Library extensions
     • 1.0 for Local Usage Control (Manchester)
     • For sites to control disk use etc
     • 0.5 for VO Tools (Manchester)
     • GridSite
     • 1.0 for Security co-ordination (RAL)
     • Mostly LCG follow-on from EDG Security Group
     • 0.5 for Tier-2 VO Operations (Manchester)
     • 1.0 for Tier-2 Security Officer (RAL)

  3. Deliverables: Task 1
     • Task 1 Local Access Control (1.0 FTE)
     • Month 6 Hardening of GridSite and SlashGrid for bulk file handling
     • Month 12 Profile for use of XACML policy language
     • Month 18 XACML and C/C++/Java support via GACL API
     • Month 24 Updates integrated into SlashGrid and GridSite releases
     • Month 30 Further performance and robustness requirements/improvements
     • Month 36 Final release of standards-based GridSite/GACL library

  4. Deliverables: Task 2
     • Task 2 Local Usage Control (1.0 FTE)
     • Month 6 Requirements gathering for Usage Control
     • Month 12 Prototype application of Usage Control to services
     • Month 18 Prototype XML representation of Usage Control
     • Month 24 SlashGrid and GridSite releases with support for Usage Control
     • Month 30 Co-ordination of standards with GGF etc accounting groups
     • Month 36 Final release, including reporting usage to Virtual Organization

  5. Deliverables: Task 3
     • Task 3 Virtual Organization Tools (0.5 FTE)
     • Month 6 Integration of VOMS interface to GridSite lightweight groups
     • Month 12 Improvements to GridSite user interface after users survey
     • Month 18 Ad-hoc group creation and user tools
     • Month 24 Prototype usage control/reporting in GridSite
     • Month 30 Implementation of further requirements after initial deployment
     • Month 36 Final release of standards-based VO usage administration

  6. Deliverables: Task 4
     • Task 4 Security coordination, policies, quality assurance and documentation (1.0 FTE)
     • M6 Define the relationship of LCG security coordination to JRA3 and SA1 activities in EGEE
     • M6 Define and agree QA procedures with tasks 1 to 3.
     • M9 Contribute to the Security Coordination and Policy issues for the LCG TDR
     • M12 Complete evaluation of the Security Middleware documentation and propose and implement improvements
     • M24 Produce a Quality Assurance report on all security middleware developments
     • M30 Coordinate the implementation of LCG security policy and procedures for LCG Phase-2

  7. Deliverables: VO Operations
     • 0.5 FTE
     • Quarterly reports to GridPP
     • Status of services, account of support undertaken and plans for next quarter
     • Three annual reports
     • At M12, M24 and M36
     • Assessing the virtual organization middleware deployed
     • Feedback to developers within GridPP and other projects, in light of operational experience

  8. Deliverables: Security Officer
     • 1.0 FTE
     • M3 Produce and negotiate Incident Response Procedure
     • M6 Perform a Security Risk Analysis in collaboration with the Tier 2
     • M6 Produce and negotiate a GridPP Security Policy and other rules
     • M9 Produce an agreed firewall guide for GridPP
     • M12 Prepare annual summary of security incidents, issues and policy
     • M15 Investigate the feasibility of a Grid Intrusion Monitoring and Detection service and implement if appropriate
     • M18 Organise a GridPP security operations workshop
     • M24 Prepare the second annual summary of GridPP security incidents, issues and policy
     • M36 Prepare the final summary of GridPP security incidents, issues and policy

  9. Future LCG/EGEE work (1) (slides from David Kelsey)
     • Authentication
     • Continue and expand the EDG PKI
     • Secure credential management: online services, SmartCards
     • Faster and more robust certificate revocation, e.g. OCSP
     • Restricted delegation
     • Confidentiality
     • Integrate and deploy the proposed solution for the old WP10's applications

  10. Future LCG/EGEE work (2)
     • Authorization
     • Fuller use of VOMS AuthZ credentials
     • Mutual AuthZ: VOs should approve resources and services
     • Convergence with GGF standards (XACML, SAML, …)
     • Build on DataGrid design and components for industrial strength
     • PKI/SSL authentication, standards-based authorization, WS-security,…

  11. GridPP Security dissemination
     • GridSite and Security Middleware are readily applicable to other projects
     • All projects need a website
     • All projects need security
     • (write access control if nothing else)
     • We're talking to other projects which are interested in using GridPP security middleware
     • In particular, MRC projects (HIC, CLEF, PsyGrid)
     • We intend to submit GridSite to OMII repository
     • Other possibilities in the pipeline...

  12. “gridsite.org”
     • Shorthand for making GridSite an Open Source project, with external involvement
     • We noticed that most of the users installed the software without first asking for help/support
     • We're trying to encourage this:
     • Source and binary distributions
     • User, Admin, Install guides, man pages etc
     • Publicly available CVS + Bugtrack (thanks to EDG and now LCG Savannah)
     • Public announcement and discussion mailing lists
     • Pointers to free/cheap/lightweight X.509 CAs

  13. Summary
     • Middleware concentrates on local access/usage
     • Some work also on lightweight VO support
     • Migrating to standards (e.g. XACML)
     • Funding to support continued [EDG|LCG] Security Group leadership by David Kelsey
     • Tier-2 VO and Security Officer posts involved in the programme as on site “customers”
     • But we need to make more links to other LCG, EGEE, ARDA etc middleware projects
