1. David Groep Nikhef Amsterdam PDP & Grid Some Comments on “Problem description for non-proliferation issues in Grids” Joint Security Policy Group 7 December 2009 Following from an EGI Council Input Document

2. David Groep Nikhef Amsterdam PDP & Grid IPM and the CMS collaboration LCG-CatchAll event Founding a national CA IGTF Distribution Release v1.22 On Those Who Must Not Be Named Differentiating Authentication & Authorization ◦... again (June 2009) History

3. David Groep Nikhef Amsterdam PDP & Grid New document (27 Nov 2009) Problem description for non-proliferation issues in Grids W. Juling (KIT and DFN), K. Schauerhammer (DFN), M. Spiro (CNRS and IN2P3), K. Ullmann (DFN), D. Vandromme (Renater) Sent to EGI Council Describing the Issue

4. David Groep Nikhef Amsterdam PDP & Grid I. Local distribution (i.e. in one legal organisation for example in a university), II. National distribution (i.e. in several legal organisations but all these organisations in one national legal area (i.e. country) or III. International distribution (same as national but the machines are distributed over several national legal areas (i.e. countries). Scenarios considered from the document

5. David Groep Nikhef Amsterdam PDP & Grid 1. What does in legal terms define a VO in scenario II and III? What is the liability of a VO? 2. What is the minimum necessary for the formulation of a common (to that Grid) legal framework for the contractual relation between a VO and the consortium of resource providers covering UN Security Council resolutions for scenario II (national Grid)? 3. What is the minimum necessary for the formulation of a common (to that Grid) legal framework for the contractual relation between a VO and the consortium of resource providers covering UN embargo decisions for scenario III (international Grid)? 4. What is the liability of a “responsible person” as defined in II and III? Problems identified in II and III from the document

6. David Groep Nikhef Amsterdam PDP & Grid A possible track for an implementation of these ideas could be the following model: a) An individual charter of good conduct1 signed by the user (as a person) and its employer: this would allow the employer to take measures in case of misconduct of the user of the GRID. Often such issues may be covered already in the employment contracts. b) A charter of good conduct between a VO and its users c) A MoU signed by each VO and the resource providers / resource provider consortium where the VO manager through national VO representatives commits to monitor the use of resources for the application the VO is responsible of, and where the resource providers commit for the site non vulnerability and security. Finally the NGI could monitor the functioning of this machinery in each country. Possible implementation from the document

7. David Groep Nikhef Amsterdam PDP & Grid Responsibilities Arising from the document

8. David Groep Nikhef Amsterdam PDP & Grid AuthN and AuthZ got their proper place! Responsibilities roughly resemble current policy Good inventory of issues, likely supported by Council We can’t suppress the issue anymore, it seems Proposed “MoU” for the VOs ◦ Potential to be extremely heavy and scare user communities away ◦ Do all VOs have ‘national VO representatives’? ◦ Compulsory monitoring by VO managers? ◦ Proposed ‘commitment’ by sites unachievable ◦ NGI gets a role, but can it take this responsibility? High potential for ‘back-pollution’ NGIs and Sites Special role for NPT in Statutes is rather ‘weird’ The Good and the Improvable

9. David Groep Nikhef Amsterdam PDP & Grid Anticipate responsibility scheme? Disseminate JSPG policy set? Encourage a realistic approach to VO responsibilities? Introduce ‘home grid’ for VOs to ease VO registration? Come up with a more generic statement regarding permitted use of EGI ◦ Keeping in mind differences between National Legal Areas ◦ Scoping it to EGI and cross-national VOs ◦ Make the Statutes clause less ‘obviously targeted’ Continue to be vigilant: is banning ‘dual use codes’ next? What to do?