WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

Presentation transcript:

And many thanks to SCI members
- K. Chadwick (FNAL)
- R. Cowles (Univ of Indiana)
- I. Gaines (FNAL)
- D. Groep (Nikhef)
- U. Kaila (CSC)
- C. Kanellopoulos (GRNET)
- J. Marsteller (PSC)
- R. Niederberger (FZ-Juelich)
- V. Ribaillier (IDRIS)
- R. Wartel (CERN)
- W. Weisz (University of Vienna)
- J. Wolfrat (SURFsara)

17/10/13 SCI at CHEP2013

Outline
- What is Trust and why do we need it?
- Early days of cooperation in security policy
- Building a new Trust Framework – Security for Collaborating Infrastructures (SCI)
- The SCI document
- Assessment versus SCI requirements
- Future plans

Trust?

A better definition of Trust
- eXtreme Scale Identity Management for Scientific Collaborations XSIM (Bob Cowles)
  - “Trust is a disposition willingly to accept the risk of reliance on a person, entity, or system to act in ways that benefit, protect, or respect one’s interests in a given domain.”
- Based on Nickel & Vaesen, Sabine Roeser, Rafaela Hillerbrand, Martin Peterson & Per Sandin (eds.), Handbook of Risk Theory. Springer (2012)

Risk Management & Trust
- Management of IT security
  - Management of risk – balanced with availability of services
- Risk analysis
- Security Plan to mitigate and manage the risks
- Security Plan includes various “Controls”
  - Technical
  - Operational
  - Management
- Security Policy is part of Management Controls
- Agreed policy framework – part of building trust

Early days of Grid Security Policy
- Joint (WLCG/EGEE) Security Policy Group
- We (EGEE, OSG, WLCG) agreed a common version of the Grid Acceptable Use Policy
- EGI and WLCG in general continue to use the same Security Policies
- BUT often not easy to agree on identical policy words
- We need a better way of agreeing policy

And now to SCI …

Security for Collaborating Infrastructures (SCI)
- A collaborative activity of information security officers from large-scale infrastructures
  - EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, …
- Developed out of EGEE – started end of 2011
- We are developing a Trust framework
  - Enable interoperation (security teams)
  - Manage cross-infrastructure security risks
  - Develop policy standards
  - Especially where not able to share identical security policies

SCI Document
- V1 of the SCI document was submitted to ISGC 2013 proceedings
  - Will (hopefully) be published soon
- Latest public draft always at

SCI: areas addressed
- Operational Security
- Incident Response
- Traceability
- Participant Responsibilities
  - Individual users
  - Collections of users
  - Resource providers, service operators
- Legal issues and Management procedures
- Protection and processing of Personal Data/Personally Identifiable Information

SCI example text: Incident Response
Imperative that an infrastructure has an organised approach to addressing and managing events that threaten the security of resources, data and overall project integrity.
Each infrastructure must have:
- [IR1] Security contact information for all service providers, resource providers and communities together with expected response times for critical situations.
- [IR2] A formal Incident Response procedure, which must address roles and responsibilities, identification and assessment of … (text continues)
And continues …

SCI Assessment of maturity
- To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations
- According to following levels
  - Level 0: Function/feature not implemented
  - Level 1: Function/feature exists, is operationally implemented but not documented
  - Level 2: … and comprehensively documented
  - Level 3: … and reviewed by independent external body

A fictitious assessment

Future plans
- Version 1 of document
  - Now working on a background section and a glossary
- Consult Infrastructure Management
  - Feedback on SCI document
- Perform self-assessments
- Refine the SCI document
- Others are welcome to join
  - Contact me

Further info
- Security for Collaborating Infrastructures
- SCI meetings

Questions?