
1 Andrew.McNab@man.ac.uk Security Area in GridPP2 4 Mar 2004

Security Area in GridPP2
“Proforma-2 posts” overview
Deliverables
  – Local Access
  – Local Usage
  – VO Tools
  – Security co-ordination
  – Tier 2 VO and Security posts
Future LCG/EGEE Security Work
Dissemination

2 GridPP 2 Posts

1.0 for Local Access Control (Manchester)
  – GACL and GridSite Library extensions
1.0 for Local Usage Control (Manchester)
  – For sites to control disk use etc
0.5 for VO Tools (Manchester)
  – GridSite
1.0 for Security co-ordination (RAL)
  – Mostly LCG follow-on from EDG Security Group
0.5 for Tier-2 VO Operations (Manchester)
1.0 for Tier-2 Security Officer (RAL)

3 Deliverables: Task 1

Task 1 Local Access Control (1.0 FTE)
  – Month 6: Hardening of GridSite and SlashGrid for bulk file handling
  – Month 12: Profile for use of XACML policy language
  – Month 18: XACML and C/C++/Java support via GACL API
  – Month 24: Updates integrated into SlashGrid and GridSite releases
  – Month 30: Further performance and robustness requirements/improvements
  – Month 36: Final release of standards-based GridSite/GACL library

4 Deliverables: Task 2

Task 2 Local Usage Control (1.0 FTE)
  – Month 6: Requirements gathering for Usage Control
  – Month 12: Prototype application of Usage Control to services
  – Month 18: Prototype XML representation of Usage Control
  – Month 24: SlashGrid and GridSite releases with support for Usage Control
  – Month 30: Co-ordination of standards with GGF etc accounting groups
  – Month 36: Final release, including reporting usage to Virtual Organization

5 Deliverables: Task 3

Task 3 Virtual Organization Tools (0.5 FTE)
  – Month 6: Integration of VOMS interface to GridSite lightweight groups
  – Month 12: Improvements to GridSite user interface after users survey
  – Month 18: Ad-hoc group creation and user tools
  – Month 24: Prototype usage control/reporting in GridSite
  – Month 30: Implementation of further requirements after initial deployment
  – Month 36: Final release of standards-based VO usage administration

6 Deliverables: Task 4

Task 4 Security coordination, policies, quality assurance and documentation (1.0 FTE)
  – M6: Define the relationship of LCG security coordination to JRA3 and SA1 activities in EGEE
  – M6: Define and agree QA procedures with tasks 1 to 3
  – M9: Contribute to the Security Coordination and Policy issues for the LCG TDR
  – M12: Complete evaluation of the Security Middleware documentation and propose and implement improvements
  – M24: Produce a Quality Assurance report on all security middleware developments
  – M30: Coordinate the implementation of LCG security policy and procedures for LCG Phase-2

7 Deliverables: VO Operations 0.5 FTE

Quarterly reports to GridPP
  – Status of services, account of support undertaken and plans for next quarter
Three annual reports
  – At M12, M24 and M36
  – Assessing the virtual organization middleware deployed
  – Feedback to developers within GridPP and other projects, in light of operational experience

8 Deliverables: Security Officer 1.0 FTE

M3: Produce and negotiate Incident Response Procedure
M6: Perform a Security Risk Analysis in collaboration with the Tier 2
M6: Produce and negotiate a GridPP Security Policy and other rules
M9: Produce an agreed firewall guide for GridPP
M12: Prepare annual summary of security incidents, issues and policy
M15: Investigate the feasibility of a Grid Intrusion Monitoring and Detection service and implement if appropriate
M18: Organise a GridPP security operations workshop
M24: Prepare the second annual summary of GridPP security incidents, issues and policy
M36: Prepare the final summary of GridPP security incidents, issues and policy

9 Future LCG/EGEE work (1) (slides from David Kelsey)

Authentication
  – Continue and expand the EDG PKI
  – Secure credential management: online services, SmartCards
  – Faster and more robust certificate revocation, e.g. OCSP
Restricted delegation
Confidentiality
  – Integrate and deploy the proposed solution for the old WP10's applications

10 Future LCG/EGEE work (2)

Authorization
  – Fuller use of VOMS AuthZ credentials
  – Mutual AuthZ: VOs should approve resources and services
  – Convergence with GGF standards (XACML, SAML, …)
Build on DataGrid design and components for industrial strength
  – PKI/SSL authentication, standards-based authorization, WS-security,…

11 GridPP Security dissemination

GridSite and Security Middleware are readily applicable to other projects
  – All projects need a website
  – All projects need security (write access control if nothing else)
We're talking to other projects which are interested in using GridPP security middleware
  – In particular, MRC projects (HIC, CLEF, PsyGrid)
We intend to submit GridSite to OMII repository
Other possibilities in the pipeline...

12 “gridsite.org”

Shorthand for making GridSite an Open Source project, with external involvement
We noticed that most of the users installed the software without first asking for help/support
We're trying to encourage this:
  – Source and binary distributions
  – User, Admin, Install guides, man pages etc
  – Publicly available CVS + Bugtrack (thanks to EDG and now LCG Savannah)
  – Public announcement and discussion mailing lists
  – Pointers to free/cheap/lightweight X.509 CAs

13 Summary

Middleware concentrates on local access/usage
Some work also on lightweight VO support
Migrating to standards (eg XACML)
Funding to support continued [EDG|LCG] Security Group leadership by David Kelsey
Tier-2 VO and Security Officer posts involved in the programme as on site “customers”
But we need to make more links to other LCG, EGEE, ARDA etc middleware projects

