- Number of slides: 13
Security Area in GridPP2
• “Proforma-2 posts” overview
• Deliverables
  – Local Access
  – Local Usage
  – VO Tools
  – Security co-ordination
  – Tier 2 VO and Security posts
• Future LCG/EGEE Security Work
• Dissemination
Andrew.McNab@man.ac.uk | Security Area in GridPP2 | 4 Mar 2004

GridPP2 Posts
• 1.0 for Local Access Control (Manchester)
  – GACL and GridSite Library extensions
• 1.0 for Local Usage Control (Manchester)
  – For sites to control disk use etc
• 0.5 for VO Tools (Manchester)
  – GridSite
• 1.0 for Security co-ordination (RAL)
  – Mostly LCG follow-on from EDG Security Group
• 0.5 for Tier-2 VO Operations (Manchester)
• 1.0 for Tier-2 Security Officer (RAL)

Deliverables: Task 1
• Task 1 Local Access Control (1.0 FTE)
  – Month 6: Hardening of GridSite and SlashGrid for bulk file handling
  – Month 12: Profile for use of XACML policy language
  – Month 18: XACML and C/C++/Java support via GACL API
  – Month 24: Updates integrated into SlashGrid and GridSite releases
  – Month 30: Further performance and robustness requirements/improvements
  – Month 36: Final release of standards-based GridSite/GACL library

Deliverables: Task 2
• Task 2 Local Usage Control (1.0 FTE)
  – Month 6: Requirements gathering for Usage Control
  – Month 12: Prototype application of Usage Control to services
  – Month 18: Prototype XML representation of Usage Control
  – Month 24: SlashGrid and GridSite releases with support for Usage Control
  – Month 30: Co-ordination of standards with GGF etc accounting groups
  – Month 36: Final release, including reporting usage to Virtual Organization

Deliverables: Task 3
• Task 3 Virtual Organization Tools (0.5 FTE)
  – Month 6: Integration of VOMS interface to GridSite lightweight groups
  – Month 12: Improvements to GridSite user interface after users survey
  – Month 18: Ad-hoc group creation and user tools
  – Month 24: Prototype usage control/reporting in GridSite
  – Month 30: Implementation of further requirements after initial deployment
  – Month 36: Final release of standards-based VO usage administration

Deliverables: Task 4
• Task 4 Security coordination, policies, quality assurance and documentation (1.0 FTE)
  – M6: Define the relationship of LCG security coordination to JRA3 and SA1 activities in EGEE
  – M6: Define and agree QA procedures with tasks 1 to 3
  – M9: Contribute to the Security Coordination and Policy issues for the LCG TDR
  – M12: Complete evaluation of the Security Middleware documentation and propose and implement improvements
  – M24: Produce a Quality Assurance report on all security middleware developments
  – M30: Coordinate the implementation of LCG security policy and procedures for LCG Phase-2

Deliverables: VO Operations
• 0.5 FTE
• Quarterly reports to GridPP
  – Status of services, account of support undertaken and plans for next quarter
• Three annual reports
  – At M12, M24 and M36
  – Assessing the virtual organization middleware deployed
  – Feedback to developers within GridPP and other projects, in light of operational experience

Deliverables: Security Officer
• 1.0 FTE
• M3: Produce and negotiate Incident Response Procedure
• M6: Perform a Security Risk Analysis in collaboration with the Tier 2
• M6: Produce and negotiate a GridPP Security Policy and other rules
• M9: Produce an agreed firewall guide for GridPP
• M12: Prepare annual summary of security incidents, issues and policy
• M15: Investigate the feasibility of a Grid Intrusion Monitoring and Detection service and implement if appropriate
• M18: Organise a GridPP security operations workshop
• M24: Prepare the second annual summary of GridPP security incidents, issues and policy
• M36: Prepare the final summary of GridPP security incidents, issues and policy

Future LCG/EGEE work (1) (slides from David Kelsey)
• Authentication
  – Continue and expand the EDG PKI
  – Secure credential management: online services, SmartCards
  – Faster and more robust certificate revocation, e.g. OCSP
• Restricted delegation
• Confidentiality
  – Integrate and deploy the proposed solution for the old WP10's applications

Future LCG/EGEE work (2)
• Authorization
  – Fuller use of VOMS AuthZ credentials
  – Mutual AuthZ: VOs should approve resources and services
  – Convergence with GGF standards (XACML, SAML, …)
• Build on DataGrid design and components for industrial strength
  – PKI/SSL authentication, standards-based authorization, WS-security, …

GridPP Security dissemination
• GridSite and Security Middleware readily applicable to other projects
  – All projects need a website
  – All projects need security
    • (write access control if nothing else)
• We're talking to other projects which are interested in using GridPP security middleware
  – In particular, MRC projects (HIC, CLEF, PsyGrid)
• We intend to submit GridSite to OMII repository
• Other possibilities in the pipeline...

“gridsite.org”
• Shorthand for making GridSite an Open Source project, with external involvement
• We noticed that most of the users installed the software without first asking for help/support
• We're trying to encourage this:
  – Source and binary distributions
  – User, Admin, Install guides, man pages etc
  – Publicly available CVS + Bugtrack (thanks to EDG and now LCG Savannah)
  – Public announcement and discussion mailing lists
  – Pointers to free/cheap/lightweight X.509 CAs

Summary
• Middleware concentrates on local access/usage
• Some work also on lightweight VO support
• Migrating to standards (e.g. XACML)
• Funding to support continued [EDG|LCG] Security Group leadership by David Kelsey
• Tier-2 VO and Security Officer posts involved in the programme as on site “customers”
• But we need to make more links to other LCG, EGEE, ARDA etc middleware projects


