Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy in harmony: our best practice

Published byΠτολεμαῖος Δουμπιώτης Modified over 6 years ago

Similar presentations

Presentation on theme: "Policy in harmony: our best practice"— Presentation transcript:

1 Policy in harmony: our best practice
A Kit List for Communities David Groep NA3 Coordinator Dutch National Institute for Subatomic Physics Nikhef AARC2 AHM3 Athens meeting April 2018

2 A tour of the policy space in AARC2
Operational Security for FIM Communities supporting policies for Infrastructures bulk model 167 entities Baseline Assurance known individual Password authenticator Documented vetting Persistent identifiers Self-assessment Fresh status attribute few unalienable expectations by research and collaborative services ‘low-risk’ use cases generic e-Infrastructure services access to common compute and data services that do not hold sensitive personal data protection of sensitive resources access to data of real people, where positive ID of researchers and 2-factor authentication is needed Slice includes: assumed ID vetting ‘Kantara LoA2’, ‘eIDAS low’, or ‘IGTF BIRCH’ Affiliation freshness better than 1 month Good entropy passwords Verified ID vetting ‘eIDAS substantial’, ‘Kantara LoA3’ Multi-factor authenticator support for Researchers & Community Engagement and Harmonisation 2

3 Improving operational security readiness for FIM (“T1”)
Define & test model for organizations (IdP) to share info on account compromises Attribute authority operations (security) practices Access control, integrity and availability of IdP-SP-Proxies Detect, connect, mitigate 243 IdPs now support Sirtfi and 65 SPs and proxies What happens when you try the model? How does this work when you involve community AAs? How can Sirtfi protect the communities and proxies? Hannah Short: before coffee

4 Impact of GDPR and risk assessment guidance
Service-centric policy support: ‘helping out’ the Infrastructures (“T2”) Develop traceability and accounting data-collection policy framework based on SCI e.g. why SCI & peer review may more appropriate than trying 27k and audits for Infrastructures? construct (‘service’ part of) a Policy Development Kit for Infrastructures Impact of GDPR and risk assessment guidance Protection of aggregations of accounting data by (user) communities Policy recommendations accompanying technical ‘JRA1’ recommendations Uros Stevanovic: after coffee

5 Researcher-centric policy support (“T3”)
Recommendations for baseline “policy profiles” for FIM Communities & Infrastructures for users, communities, identity providers: reducing “policy silos” hindering interoperation commonality between acceptable use policies through assurance profiles support community management, also to ease use of the generic e-Infrastructures can you support trustworthy community operations? How should a community collaborate in the Infra ecosystem, now that we have very ‘powerful’ communities? Mikael & Jule: Assurance after Coffees Ian Neilson: after coffee

6 Policy guidance: generic and community-targeted

7 Engagement and coordination with the global FIM community (“T4”)
Develop Adopt Through WISE/SCI REFEDS IGTF … and all willing policy & CSIRT groups In your Community, use Persistent, non-reassigned identifiers Snctfi Trusted Community Attributes Self-assessment and peer review methods Snctfi Scalable Negotiator for a Community Trust Framework in Federated Infrastructures Derived from SCI, the framework on Security for Collaboration among Infrastructures Structure for the wider policy development kit AEGIS AARC Engagement & FIM4R help us progress by adopting results assessment of SCIv2 Dave Kelsey: FIM4R before coffee

8 We will need your input today … and thereafter!
Operational Security and Incident Response Beyond Sirtfi, involving the proxies and proxy operators: we need volunteers to try (& ‘buy’) Cross-domain trust groups spanning Infrastructures & eduGAIN Support Desk to aid resolution Service-centric policies Community Risk Assessment, GDPR, and TF-DPR impact on accounting (and your use cases!) Policy framework: what do you need in a policy development kit for Infrastructures? e-Researcher-Centric Policies Assurance profiles: exchanging information between Infrastructures and the ‘Snctfi’ scenario Align practices for community policies, and a baseline AUP Policy Development Engagement and Coordination Policy development and engagement ‘kit’ – via existing groups, and trainings, WISE, IGTF, and FIM4R Targeted guidance for (AARC) use cases and communities – ‘/guidelines’

9 Best Practice session 10:00-11:00 10.00 Introduction to the NA3 activities (DavidG) Operational Security: the Sirtfi Challenge (Hannah) FIM4R and the FIM4R Paper (DaveK) 11:00-11:30 Break 11:30- 13:00 11.30 REFEDS Assurance evolution (Mikael, Jule) Data Protection and Risk Assessment for communities (Uros) and input from the AARC use cases (Uros) Acceptable Use Policy alignment study and towards a basic AUP (IanN) Policy Development Kit: supporting communities with template policies (Hannah, Uros)

10

Download ppt "Policy in harmony: our best practice"

Similar presentations

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Mikael Linden AARC all hands Milan Authentication and Authorisation.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.

Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.
David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.

David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Utrecht NA3 Task 4 – Scalable Policy Negotiation.
IGTF in 10 years enabling the interoperable global trust federation Nikhef, Amsterdam supported the Dutch national e-Infrastructure funded and coordinated.

IGTF in 10 years enabling the interoperable global trust federation Nikhef, Amsterdam supported the Dutch national e-Infrastructure funded and coordinated.
SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.

SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
Building Trust for Research and Collaboration

Building Trust for Research and Collaboration
Introduction to AAI Services

Introduction to AAI Services
David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017

David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017
Boosting AAI for research and collaboration

Boosting AAI for research and collaboration
RCauth.eu CILogon-like service in EGI and the EOSC

RCauth.eu CILogon-like service in EGI and the EOSC
Cross-sector and user-centric AAI

Cross-sector and user-centric AAI
The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –

The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –

Similar presentations

Ads by Google