Presentation is loading. Please wait.

Presentation is loading. Please wait.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

Published byNoah O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013."— Presentation transcript:

1 WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013

2 And many thanks to SCI members K. Chadwick (FNAL) R. Cowles (Univ of Indiana) I. Gaines (FNAL) D. Groep (Nikhef) U. Kaila (CSC) C. Kanellopoulos (GRNET) J. Marsteller (PSC) R. Niederberger (FZ-Juelich) V. Ribaillier (IDRIS) R. Wartel (CERN) W. Weisz (University of Vienna) J. Wolfrat (SURFsara) 17/10/13SCI at CHEP20132

3 Outline What is Trust and why do we need it? Early days of cooperation in security policy Building a new Trust Framework – Security for Collaborating Infrastructures (SCI) The SCI document Assessment versus SCI requirements Future plans 17/10/133SCI at CHEP2013

4 Trust? 17/10/134SCI at CHEP2013

5 A better definition of Trust eXtreme Scale Identity Management for Scientific Collaborations XSIM (Bob Cowles) – “Trust is a disposition willingly to accept the risk of reliance on a person, entity, or system to act in ways that benefit, protect, or respect one’s interests in a given domain.” Based on Nickel & Vaesen, Sabine Roeser, Rafaela Hillerbrand, Martin Peterson & Per Sandin (eds.), Handbook of Risk Theory. Springer (2012) 17/10/13SCI at CHEP20135

6 Risk Management & Trust Management of IT security – Management of risk – balanced with availability of services Risk analysis Security Plan to mitigate and manage the risks Security Plan includes various “Controls” – Technical – Operational – Management Security Policy is part of Management Controls Agreed policy framework – part of building trust 17/10/13SCI at CHEP20136

7 Early days of Grid Security Policy Joint (WLCG/EGEE) Security Policy Group We (EGEE, OSG, WLCG) agreed a common version of the Grid Acceptable Use Policy EGI and WLCG in general continue to use the same Security Policies BUT often not easy to agree on identical policy words We need a better way of agreeing policy 17/10/13SCI at CHEP20137

8 17/10/13SCI at CHEP20138 And now to SCI …

9 Security for Collaborating Infrastructures (SCI) A collaborative activity of information security officers from large-scale infrastructures – EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, … Developed out of EGEE – started end of 2011 We are developing a Trust framework – Enable interoperation (security teams) – Manage cross-infrastructure security risks – Develop policy standards – Especially where not able to share identical security policies 17/10/13SCI at CHEP20139

10 SCI Document V1 of the SCI document was submitted to ISGC 2013 proceedings – Will (hopefully) be published soon Latest public draft always at http://www.eugridpma.org/sci/ http://www.eugridpma.org/sci/ 17/10/13SCI at CHEP201310

11 SCI: areas addressed Operational Security Incident Response Traceability Participant Responsibilities – Individual users – Collections of users – Resource providers, service operators Legal issues and Management procedures Protection and processing of Personal Data/Personally Identifiable Information 17/10/13SCI at CHEP201311

12 SCI example text: Incident Response Imperative that an infrastructure has an organised approach to addressing and managing events that threaten the security of resources, data and overall project integrity. Each infrastructure must have: [IR1] Security contact information for all service providers, resource providers and communities together with expected response times for critical situations. [IR2] A formal Incident Response procedure, which must address roles and responsibilities, identification and assessment of … (text continues) And continues … 17/10/13SCI at CHEP201312

13 SCI Assessment of maturity To evaluate extent to which requirements are met, we recommend Infrastructures to assess the maturity of their implementations According to following levels – Level 0: Function/feature not implemented – Level 1: Function/feature exists, is operationally implemented but not documented – Level 2: … and comprehensively documented – Level 3: … and reviewed by independent external body 17/10/13SCI at CHEP201313

14 A fictitious assessment 17/10/13SCI at CHEP201314

15 Future plans Version of 1 document – Now working on a background section and a glossary Consult Infrastructure Management – Feedback on SCI document Perform self-assessments Refine the SCI document Others are welcome to join – Contact me 17/10/13SCI at CHEP201315

16 Further info Security for Collaborating Infrastructures http://www.eugridpma.org/sci/ SCI meetings https://indico.cern.ch/categoryDisplay.py?categId=68 17/10/1316SCI at CHEP2013

17 17/10/13SCI at CHEP201317 Questions?

Download ppt "WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013."

Similar presentations

GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006.

GGF16, Athens AuthZ Interoperability Here and Now Workshop, 16 Feb 2006.
Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.

Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.
9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain.

9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain.
Trust Model for eXtreme Scale Identity Management (XSIM) in Scientific Collaborations Bob Cowles, Craig Jackson, Von Welch (PI) VAMP 2013 30 September.

Trust Model for eXtreme Scale Identity Management (XSIM) in Scientific Collaborations Bob Cowles, Craig Jackson, Von Welch (PI) VAMP September.
Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.

Authorization WG Update David Kelsey EU Grid PMA, Copenhagen 27 May 2008.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Best Practices Working Group June 19-21, 2001 Munich, Germany.

Best Practices Working Group June 19-21, 2001 Munich, Germany.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Developing a result-oriented Operational Plan Training

Developing a result-oriented Operational Plan Training
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.

Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
InWEnt | Qualified to shape the future1 Internet based Human Resource Development Management Platform Human Resource Development Programme in Natural Disaster.

InWEnt | Qualified to shape the future1 Internet based Human Resource Development Management Platform Human Resource Development Programme in Natural Disaster.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK

9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
7 th FIM 4 R meeting 23-24 April 2014 ESRIN Frascati.

7 th FIM 4 R meeting April 2014 ESRIN Frascati.

Similar presentations

Ads by Google