David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

Slides:



Advertisements
Similar presentations
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
Advertisements

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Additional Services: Security and IPv6 David Kelsey STFC-RAL.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI SPG future work EGI Technical Forum Lyon, 21 Sep 2011 David Kelsey, STFC/RAL.
Federated Identity Management for Scientific Collaborations The Common Vision David Kelsey (STFC) 3 Nov 2011.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
Security Policy Update WLCG GDB CERN, 8 Dec 2010 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.
Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.
Grid Security Policy: EGEE to EGI David Kelsey (RAL) 16 Sep 2009 JSPG meeting, DFN Berlin david.kelsey at stfc.ac.uk.
PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May Montpellier.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.
Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.
GDB Introduction Ian Collier STFC Rutherford Appleton Laboratory GDB, May 11 th 2016.
Security Policy Update WLCG GDB CERN, 11 June 2008 David Kelsey STFC/RAL
SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
Welcome to 11th FIM4R 11th Meeting, Montréal September 2017
WISE Information Security for Collaborating E-Infrastructures
Mastering the Art of Collaboration for WISEr Global Security
Security Management Geant SIG-SIM – Alf Moens
WISE 2016 WISE: a global trust community where security experts share information and work together, creating collaboration among different e- infrastructures.
David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017
WISE people take action on security – Discussion
Federated Identity Management for Researchers (FIM4R)
Federated Identity Interest Group
EGI Security Policy Update
Update on FIM4R David Kelsey
David Kelsey CCLRC/RAL, UK
Federated Identity Management for Scientific Collaborations
The AARC Project Licia Florio (GÉANT) Christos Kanellopoulos (GRNET)
The AARC Project Licia Florio AARC Coordinator GÉANT
Policy in harmony: our best practice
Updated (VO) Community Security Policies
Update - Security Policies
Supporting communities with harmonized policy
EUGridPMA Status and Current Trends and some IGTF topics March 2018 APGridPMA ISGC Meeting David Groep, Nikhef & EUGridPMA.
OIDC Federation for Infrastructures
David Kelsey (STFC-RAL)
WP3: Policy and Best Practice Harmonisation
David Groep for the entire AARC Policy Team I2TechEX18 meeting
WISE Information Security for collaborating e-Infrastructures David Kelsey (STFC-RAL, UK Research and Innovation) ISGC2019, Taipei, 2 April 2019 In collaboration.
Federated Incident Response
WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019.
Future GridPP Security
Presentation transcript:

David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016 WISE SCIV2-WG David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

Overview A short history of the SCI group WISE SCIV2-WG The Version 1 document WISE SCIV2-WG Aims Workplan Next steps 18July16 SCIV2-WG, WISE@XSEDE16

David Kelsey (STFC-RAL, UK) A Trust Framework for Security Collaboration among Infrastructures (SCI Version 1) David Kelsey (STFC-RAL, UK)

Authors of the 1st SCI paper K. Chadwick (FNAL) I. Gaines (FNAL) D. Groep (Nikhef) U. Kaila (CSC) C. Kanellopoulos (GRNET) D. Kelsey (STFC) J. Marsteller (PSC) R. Niederberger (FZ-Juelich) V. Ribaillier (IDRIS) R. Wartel (CERN) W. Weisz (University of Vienna) J. Wolfrat (SURFsara) 18July16 SCIV2-WG, WISE@XSEDE16

Early days of Grid Security Policy Joint (WLCG/EGEE) Security Policy Group (JSPG) In 2005 EGEE, OSG, WLCG agreed a common version of the Grid Acceptable Use Policy Accepted by all users during registration with a VO And used by many other (Grid) Infrastructures EGI and WLCG in general continue to use the same Security Policies Often not easy to agree on identical policy words 18July16 SCIV2-WG, WISE@XSEDE16

Build a new Trust Framework Several large-scale production e-Infrastructures Grids, Clouds, HPC, HTC, … Each has their own resources, users, policies and procedures BUT subject to many common security threats Common technologies Common users (spreading infections) Security incidents can spread rapidly Need to share information and work together on security operations 18July16 SCIV2-WG, WISE@XSEDE16

Security for Collaborating Infrastructures (SCI) A collaborative activity of information security officers from large-scale infrastructures EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, HBP… Developed a Trust framework Enable interoperation (security teams) Manage cross-infrastructure security risks Develop policy standards Especially where not able to share identical security policies 18July16 SCIV2-WG, WISE@XSEDE16

SCI Document – V1 Proceedings of the ISGC 2013 conference http://pos.sissa.it/archive/conferences/179/011/ISGC%202013_011.pdf The document defines a series of numbered requirements in 6 areas 18July16 SCIV2-WG, WISE@XSEDE16

SCI: areas addressed Operational Security Incident Response Traceability Participant Responsibilities Individual users Collections of users Resource providers, service operators Legal issues and Management procedures Protection and processing of Personal Data/Personally Identifiable Information 18July16 SCIV2-WG, WISE@XSEDE16

SCI Assessment To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations According to following levels Level 0: Function/feature not implemented Level 1: Function/feature exists, is operationally implemented but not documented Level 2: … and comprehensively documented Level 3: … and reviewed by independent external body 18July16 SCIV2-WG, WISE@XSEDE16

Further info Security for Collaborating Infrastructures SCI meetings http://www.eugridpma.org/sci/ SCI meetings https://indico.cern.ch/categoryDisplay.py?categId=68 Sirtfi – Started from SCI V1 https://wiki.refeds.org/display/GROUPS/SIRTFI 18July16 SCIV2-WG, WISE@XSEDE16

Now to the WISE SCIV2-WG 18July16 SCIV2-WG, WISE@XSEDE16

SCIV2-WG Aims Work towards a Version 2 document Involve wider range of stakeholders GEANT, NRENS, Identity federations, … Address conflicts in version 1 for new stakeholders Add new topics/areas if needed Give guidance on the assessment of infrastructures against the SCI requirements We are not an operational security/trust group Not compete with other op sec trust activities But will seek feedback from such groups on our work 18July16 SCIV2-WG, WISE@XSEDE16

SCIV2-WG Workplan Self-assessments against Sections 4 (Operational Security) and 5 (Incident Response) in SCI version 1 To decide what guidance is needed and what words need to be changed. (completed) Produce draft guidelines for sections 4 and 5. all topics considered and questions discussed (see wiki) Tune words of sections 4 and 5. (before WISE3 at DI4R) And write the guidance for those sections Move on to other sections. (after WISE3 at DI4R) Aim for version 2 of the SCI document by the 12-month anniversary of the group (May 2017) After version 2 produced consider re-merging text with Sirtfi and Snctfi work (AARC and REFEDS) 18July16 SCIV2-WG, WISE@XSEDE16

Meetings & Next steps To date we have held 4 one-hour meetings All by video conference Work also can be done via the group mail list Next meeting early/mid September (tbd) Work during August and September will concentrate on tuning the words of sections 4 and 5. And to write the guidance for those sections Drafts of both of these for WISE3 at DI4R 27 Sep 2016 in Krakow, Poland 18July16 SCIV2-WG, WISE@XSEDE16

Final words We have plenty of room for more people in the working group Please volunteer Contact one of the two chairs (David Kelsey, Adam Slagell) Join the WG mail list https://lists.wise-community.org/sympa/subscribe/sciv2-wg 18July16 SCIV2-WG, WISE@XSEDE16

Questions? 18July16 SCIV2-WG, WISE@XSEDE16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.