David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017


1 WISE SCIV2-WG
David Kelsey, STFC-RAL
4th WISE workshop, Nikhef, 27 March 2017

2 Overview
SCI version 1 document
SCI maturity review
WISE SCIV2-WG
Aims/mandate
Plans for tomorrow’s working group meeting
And next couple of months
27Mar17 SCIV2-WG, 4th WISE workshop

3 Security for Collaborating Infrastructures (SCI)
A collaborative activity of information security officers from large-scale infrastructures
EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, HBP…
Developed a Trust framework
Enable interoperation (security teams)
Manage cross-infrastructure security risks
Develop policy standards
Especially where not using identical security policies

4 SCI Document – V1
Proceedings of the ISGC 2013 conference
The document defines a series of numbered requirements in 6 areas

5 SCI V1: areas addressed
Operational Security
Incident Response
Traceability
Participant Responsibilities
  Individual users
  Collections of users
  Resource providers, service operators
Legal issues and Management procedures
Protection and processing of Personal Data/Personally Identifiable Information

6 SCI Maturity
To evaluate the extent to which requirements are met, we recommend that infrastructures assess the maturity of their implementations according to the following levels:
  Level 0: Function/feature not implemented
  Level 1: Function/feature exists, is operationally implemented but not documented
  Level 2: … and comprehensively documented
  Level 3: … and reviewed by independent external body
We have a spreadsheet to help with the assessment

7 Review
An example of the info that can be recorded (part of the spreadsheet)

8 Review (2)

9 Now to the WISE SCIV2-WG

10 SCIV2-WG Aims/Mandate
Work towards a Version 2 document
Involve wider range of stakeholders
GEANT, NRENs, Identity federations, …
Address conflicts in version 1 for new stakeholders
Add new topics/areas if needed
security audit/peer review, security risk assessments and software security review
Give guidance on the assessment of infrastructures against the SCI requirements
We are not an operational security/trust group
Not compete with other op sec trust activities
But will seek feedback from such groups on our work

11 Other work
FIM4R and REFEDS work
The Security Incident Response Trust Framework for Federated Identity (Sirtfi)
AARC policy work: Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)
Close to final draft – not yet public
Both of the above are Creative Commons derivatives of SCI v1
In SCI version 3 we should see if we can re-merge
But could also include some of the words in SCI V2 perhaps?

12 SCIV2-WG Workplan
Work done already
Self-assessments against Sections 4 (Operational Security) and 5 (Incident Response) of SCI version 1
To decide what guidance is needed and what words need to be changed (completed)
Producing draft guidelines for same sections
all topics considered and questions discussed (see wiki)

13 Next steps - Tomorrow!
Tomorrow’s workshop
Start with other sections (not OS nor IR)
What to exclude? What is missing?
Look at other input
Back to Draft wording for OS and IR in version 2
By end of April (we can do it!)
Agreed version 2 (final draft) – out to Stakeholders
Draft of the V2 guidance document (by end May?)
Or perhaps after TNC17
Sign-off at TNC17 (Linz 29 May – 1 June)

14 Questions?

