JRA3 Introduction
Åke Edlund, EGEE Security Head
EGEE First Conference, Cork, April 19, 2004
www.eu-egee.org
EGEE is a project funded by the European Union under contract IST-2003-508833
Cork - 2004-04-19 - 1
Contents
- Objectives
- Milestones
- Work Breakdown Structure (WBS)
- Execution plan
- Effort summary
- Resource Indicators
- Relations to other activities
- Initial Risks Assessment
- Summary
Objectives - JRA3 Overview
EGEE will construct an integrated and scalable infrastructure that will facilitate various types of applications and access patterns, ranging from single transactions to long-lived batch jobs. Security must be included in the architecture from the start, and not inserted at a later point. Security considerations must be present in all activities.
The JRA3 security group will define a Security Framework and Architecture and a set of high-level policies that will act as guidance to the other activities. This will ensure consistency and provide one of the more visible value-adding services of the Grid: transparent security and single sign-on.
The security architecture will be based on requirements from both Grid users and suppliers. JRA3 will assist in defining and validating the EGEE security architecture in line with these requirements.
Objectives - JRA3 Overview (cont.)
To date, the following areas have been identified as being on the critical path for large-scale deployment:
- Basic Security Policy and Incident Response
- CA Trust Establishment and Policy Management
- VO Definition, Rights Delegation, and Scalability
- OGSA Web Services Security and site service access, control and auditing
- Site Usage Control and Budgeting
- Secure Credential Storage
Objectives - Scope of the work
The tasks of this activity have one common goal: Enabling the deployment of production-quality Grid that includes resources and applications that are security-conscious and handle sensitive information.
Milestones
Work Breakdown Structure (WBS)
Execution plan - JRA Overview - GANTT
Execution plan - Overview
The execution plan for the initial period of 9 months:
- Project start: To ensure a quick start-up phase, almost all staffing was in place by the start of the project. Also, the initial plans were well advanced at the start of the project.
- PM3: The first two milestones are at the end of project month 3: first, a completed user requirements survey will help to further refine the distribution of effort over action lines; and second, the setup of the Policy Management Authority (PMA) for European CAs. The PMA will also liaise with non-European CAs as necessary.
- PM6: At the end of project month 6, two more milestones have been met and the first deliverable is completed. The first milestone is a manual with initial recommendations for OGSA SEC services reengineering. The second is a document for security operational procedures and incident handling and a common Grid incident format. The deliverable is the initial Global security architecture document.
Execution plan - Tasks
Task 1: User requirements survey
- Liaise with European bodies for authentication and PKI
- Identify user communities and contact people
- Acquire background information on EDG security architecture
- Collect and sort security requirements
- Perform user survey
- Identify authorization requirements
Task 2: Setup of the PMA for European CAs
- Write and adopt the EUGridPMA Charter
- Operating and sustaining the EUGridPMA
Task 3: OGSA security reengineering recommendations
- Liaise with other activities of EGEE such as the Architecture
- Requirements collection and categorization
- AuthZ and AuthN infrastructure
- GGF connection (OASIS+WS)
Execution plan - Tasks (cont.)
Task 4: Global Security Architecture
- Security Architecture workshop
- Participate in work on Global Architecture
- Security Architecture document
Task 5: Security operational procedures
- Inventory of incident reporting practices and report formats
- Definition of a common incident report format
Task 6: Secure Credential Storage procedures
Task 7: Site access control architecture
- Prototyping and refactoring of site access tools for architecture development
- Describe site access control architecture in documentation
Execution plan - Recurring Tasks
Recurrent tasks:
- Support of existing tools and software
- Support of new software
- Operation of the EUGridPMA
- Quality Assurance
Effort summary
Effort summary
Relations to other activities, e.g. JRA1
Initial Risks Assessment
Summary
- EGEE Security will enable the deployment of production-quality Grid that includes resources and applications that are security-conscious and handle sensitive information.
- The project has started successfully with the intended “hit the ground running” approach.
- A number of risks have been identified and are to be discussed during this kickoff.
- Identified collaborations with other activities have been initiated.
(Next slide: LCG Service Time-line. Our first application.)
LCG Service Time-line
(Figure: timeline covering 2003 to 2007, with two tracks labelled "computing service" and "physics".)
- open LCG-1 (achieved) – 15 Sept
- Testing, with simulated event productions
- LCG-2 - upgraded middleware, mgt. and ops tools; principal service for LHC data challenges
- Second generation EGEE middleware prototyping, development
- Computing models
- LCG-3 – second generation EGEE middleware; validation of computing models
- Phase 2 service acquisition, installation, commissioning
- TDR* for the Phase 2 grid
- Phase 2 service in production
- experiment setup & preparation
- first data
* TDR – technical design report