A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

Slides:



Advertisements
Similar presentations
Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.
Advertisements

GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Enabling Grids for E-sciencE EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
IOTA AP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure and SURFsara.
Open Science Grid Security Activities Mine Altunay, FNAL OSG Security Officer For the OSG Security Team: Doug Olson, Deputy Security Officer, LBNL, Jim.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Additional Services: Security and IPv6 David Kelsey STFC-RAL.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI SPG future work EGI Technical Forum Lyon, 21 Sep 2011 David Kelsey, STFC/RAL.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
Federated Identity Management for Scientific Collaborations The Common Vision David Kelsey (STFC) 3 Nov 2011.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
Security Policy Update WLCG GDB CERN, 8 Dec 2010 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.
LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 December 2007.
Traceability WLCG GDB Amsterdam, 7 March 2016 David Kelsey STFC/RAL.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.
Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.
Grid Security Policy: EGEE to EGI David Kelsey (RAL) 16 Sep 2009 JSPG meeting, DFN Berlin david.kelsey at stfc.ac.uk.
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May Montpellier.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.
Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.
Security Policy Update WLCG GDB CERN, 11 June 2008 David Kelsey STFC/RAL
SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
WISE Information Security for Collaborating E-Infrastructures
Mastering the Art of Collaboration for WISEr Global Security
Security Management Geant SIG-SIM – Alf Moens
WISE 2016 WISE: a global trust community where security experts share information and work together, creating collaboration among different e- infrastructures.
David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017
David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016
EGI Security Policy Update
Federated Identity Management for Scientific Collaborations
Policy in harmony: our best practice
Assessing Combined Assurance
Updated (VO) Community Security Policies
Supporting communities with harmonized policy
EUGridPMA Status and Current Trends and some IGTF topics March 2018 APGridPMA ISGC Meeting David Groep, Nikhef & EUGridPMA.
OIDC Federation for Infrastructures
David Kelsey (STFC-RAL)
WISE Information Security for collaborating e-Infrastructures David Kelsey (STFC-RAL, UK Research and Innovation) ISGC2019, Taipei, 2 April 2019 In collaboration.
Federated Incident Response
WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019.
Presentation transcript:

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015

Authors of the 1 st SCI paper K. Chadwick (FNAL) I. Gaines (FNAL) D. Groep (Nikhef) U. Kaila (CSC) C. Kanellopoulos (GRNET) D. Kelsey (STFC) J. Marsteller (PSC) R. Niederberger (FZ-Juelich) V. Ribaillier (IDRIS) R. Wartel (CERN) W. Weisz (University of Vienna) J. Wolfrat (SURFsara) 20/10/15SCI at 1st WISE2

Early days of Grid Security Policy Joint (WLCG/EGEE) Security Policy Group (JSPG) In 2005 – EGEE, OSG, WLCG agreed a common version of the Grid Acceptable Use Policy Accepted by all users during registration with a VO – And used by many other (Grid) Infrastructures EGI and WLCG in general continue to use the same Security Policies Often not easy to agree on identical policy words 20/10/15SCI at 1st WISE3

Building a new Trust Framework There are several large-scale production Distributed Computing Infrastructures – Grids, Clouds, HPC, HTC, … Each includes resources, users, policies and procedures Subject to many common security threats – Common technologies – Common users (spreading infections) Need to share information and work together on security operations 20/10/15SCI at 1st WISE4

Security for Collaborating Infrastructures (SCI) A collaborative activity of information security officers from large-scale infrastructures – EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, … We are developing a Trust framework – Enable interoperation (security teams) – Manage cross-infrastructure security risks – Develop policy standards – Especially where not able to share identical security policies 20/10/15SCI at 1st WISE5

SCI Document Proceedings of the ISGC 2013 conference The document defines a series of numbered requirements in 6 areas 20/10/15SCI at 1st WISE6

SCI: areas addressed Operational Security Incident Response Traceability Participant Responsibilities – Individual users – Collections of users – Resource providers, service operators Legal issues and Management procedures Protection and processing of Personal Data/Personally Identifiable Information 20/10/15SCI at 1st WISE7

SCI Assessment To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations According to following levels – Level 0: Function/feature not implemented – Level 1: Function/feature exists, is operationally implemented but not documented – Level 2: … and comprehensively documented – Level 3: … and reviewed by independent external body 20/10/15SCI at 1st WISE8

Recent news Last full meeting – 14/15 Jan 2015 (Berlin) after EUGridPMA meeting – Agreed we will continue to be part of IGTF SCI Charter Human Brain Project joins SCI document branched into Sirtfi – REFEDS – Security Incident Response in Federations Agreed we should organise a workshop (Oct 2015) – became this 1 st WISE event! 20/10/15SCI at 1st WISE9

Further info Security for Collaborating Infrastructures SCI meetings Sirtfi 20/10/1510SCI at 1st WISE

20/10/15SCI at 1st WISE11 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.