Open Science Grid Security Activities Mine Altunay, FNAL OSG Security Officer For the OSG Security Team: Doug Olson, Deputy Security Officer, LBNL, Jim Basney NCSA, Ron Cudzewicz FNAL, Grid Deployment Board July 9, 2008
OSG Security: Organization and Interfaces 2 07/09/2008 Altunay, OSG Security, GDB July, 2008 OSG Security Team Middle ware Security Group Joint Security Policy Group Intl Grid Trust Federation Partner Grids Incident Response Basney EUGridPMA Olson TAGPMA M. Altunay Wartel (EGEE-OSCT), Marsteller (TG), NDGF, … J.Basney Altunay co-chair with Witzig OSG VO and Site Security Contacts Altunay: VDT Security Officer WLCG Dave Kelsey WLCG Security Coordinator Altunay & Witzig VDT Security & OSG Operations & OSG Core Assets
Interfaces between OSG and WLCG Some questions: Only through JSPG and MWSG ??? Should there be a separate direct arrow between OSG Security and WLCG What about VDT Security Officer Another direct arrow from VDT to WLCG? Any additions to the previous picture, any mistakes? 3 07/09/2008 Altunay, OSG Security, GDB July, 2008
Interfaces between OSG and JSPG New JSPG Mandate JSPG reports to WLCG Dave Kelsey -- also WLCG Security Coordinator No WLCG Security Officer OSG only gives feedback for the policies – no mandatory inclusion of JSPG policies OSG ED is part of WLCG MB and relays OSG concerns at MB 4 07/09/2008 Altunay, OSG Security, GDB July, 2008
Recent WLCG Security Challenge USCMS received pretty poor scores OSG is actively working on it Held a meeting on 6/27 with USCMS Discovered policy problems Unawareness of WLCG incident response procedure Policy enactment issues: lack of CMS security contacts at FNAL Going back to tie between OSG and WLCG Should OSG Security be involved with next challenges? Are we missing a link here? 5 07/09/2008 Altunay, OSG Security, GDB July, 2008
A Recent Incident at Atlas We had a security incident at AGLT2 (Atlas) Have not completed the post-mortem and no operational disruption Take-home messages: What we learned Good test for Atlas security officers: John Hover USAtlas Security Officer Atlas Security Officer: Alessandro de Salvo (OSG did not have his contact before) Very important for VOs to identify Security Officers. We worked with CMS (Marie-Christine Sawley) Other VOs ? 6 07/09/2008 Altunay, OSG Security, GDB July, 2008
VO Policies & Security Duties Urged and educated VOs for their security policies and work at OSG Users meeting A VO must have Security Officers: intl and local levels Operations and Management contacts local contacts (in USA) are registered with OSG A clear user registration workflow – presented a sample policy template to OSG VOs A clear AUP – presented a template to OSG VOs 5 VOs are preparing their policies: CMS, USAtlas, Edu, OSG VO, Engage More VOs to come Essential for Incident Response 7 07/09/2008 Altunay, OSG Security, GDB July, 2008