David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017

Presentation transcript:

WISE SCIV2-WG
David Kelsey, STFC-RAL
4th WISE workshop, Nikhef, 27 March 2017

Overview
- SCI version 1 document
- SCI maturity review
- WISE SCIV2-WG Aims/mandate
- Plans for tomorrow’s working group meeting
  - And next couple of months
27Mar17 SCIV2-WG, 4th WISE workshop

Security for Collaborating Infrastructures (SCI)
- A collaborative activity of information security officers from large-scale infrastructures
  - EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, HBP…
- Developed a Trust framework
  - Enable interoperation (security teams)
  - Manage cross-infrastructure security risks
  - Develop policy standards
  - Especially where not using identical security policies

SCI Document – V1
- Proceedings of the ISGC 2013 conference
- http://pos.sissa.it/archive/conferences/179/011/ISGC%202013_011.pdf
- The document defines a series of numbered requirements in 6 areas

SCI V1: areas addressed
- Operational Security
- Incident Response
- Traceability
- Participant Responsibilities
  - Individual users
  - Collections of users
  - Resource providers, service operators
- Legal issues and Management procedures
- Protection and processing of Personal Data/Personally Identifiable Information

SCI Maturity
- To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations
- According to following levels
  - Level 0: Function/feature not implemented
  - Level 1: Function/feature exists, is operationally implemented but not documented
  - Level 2: … and comprehensively documented
  - Level 3: … and reviewed by independent external body
- We have a spreadsheet to help assess

Review
- An example of the info that can be recorded (part of the spreadsheet)

Review (2)

Now to the WISE SCIV2-WG

SCIV2-WG Aims/Mandate
- Work towards a Version 2 document
  - Involve wider range of stakeholders
    - GEANT, NRENS, Identity federations, …
  - Address conflicts in version 1 for new stakeholders
  - Add new topics/areas if needed
    - security audit/peer review, security risk assessments and software security review
- Give guidance on the assessment of infrastructures against the SCI requirements
- We are not an operational security/trust group
  - Not compete with other op sec trust activities
  - But will seek feedback from such groups on our work

Other work
- FIM4R and REFEDS work
  - The Security Incident Response Trust Framework for Federated Identity (Sirtfi)
  - https://refeds.org/sirtfi
- AARC policy work:
  - Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)
  - Close to final draft – not yet public
- Both of the above are Creative Commons derivatives of SCI v1
- In SCI version 3 we should see if we can re-merge
  - But could also include some of the words in SCI V2 perhaps?

SCIV2-WG Workplan
- Work done already
  - Self-assessments against Sections 4 (Operational Security) and 5 (Incident Response) of SCI version 1
    - To decide what guidance is needed and what words need to be changed (completed)
  - Producing draft guidelines for same sections
    - all topics considered and questions discussed (see wiki)
    - https://wiki.geant.org/display/WISE/Guidance+for+SCI+version+1

Next steps - Tomorrow!
- Tomorrow’s workshop
  - Start with other sections (not OS nor IR)
    - What to exclude? What is missing?
  - Look at other input
  - Back to Draft wording for OS and IR in version 2
- By end of April (we can do it!)
  - Agreed version 2 (final draft) – out to Stakeholders
- Draft of the V2 guidance document (by end May?)
  - Or perhaps after TNC17
- Sign-off at TNC17 (Linz 29 May – 1 June)

Questions?