EGEE-II INFSO-RI-031688
Enabling Grids for E-sciencE
www.eu-egee.org
EGEE Security Coordination Group
Linda Cornwall CCLRC (RAL)
FP6 Security workshop at NEC, Sankt Augustin, Germany, 8-9th June 2006
Dec 14, 2015
SCG mandate
The Security Coordination Group (SCG) is responsible for ensuring the overall EGEE security coordination, including
- architecture,
- operations,
- deployment,
- standardisation and
- cross-project collaboration.
The goal is to ensure that the various security related work items inside EGEE do not
- adversely overlap (leading to duplication of effort) or
- leave gaps that could be exploited.
SCG involved groups
[Diagram: groups involved in the SCG: EUGridPMA; Joint Security Policy Group; MiddleWare Security Group; Grid Security Vulnerability Group; Operational Security Coordination Team. Diagram labels: Policies; Architecture; gLite Security; Trust anchor; IGTF chair; Operations.]
Members of SCG
Ake Edlund: Security Head EGEE, Chair SCG
Dave Kelsey: Chair Joint Security Policy Group (JSPG), Security Head EGEE deputy
Olle Mulmo: Chair Middleware Security Group (MWSG)
David Groep: Chair EUGridPMA liaison (EUGridPMA)
Linda Cornwall: Chair Grid Vulnerability Security Group (GSVG)
Ian Neilson: Chair Security Operations Coordination Team (OSCT)
MWSG
The MiddleWare Security Group
• Main Objective
– Co-ordinate the evolving and deployed security architectures with other grid initiatives and standardization efforts
• Chairs
– Ake Edlund (EGEE)
– Bob Cowles (Open Science Grid, OSG)
• Members
– Core security representatives from EGEE, OSG, Fermilab (USA) and Stanford Linear Accelerator (USA)
– Representatives from the Applications/Development Clusters in EGEE
– Representatives from DILIGENT, SEEGRID and GRIDCC, DEISA, NAREGI, UNICORE
MWSG output so far
• Middleware security issues and release plans in EGEE
– Security Architecture
– gLite (EGEE software) Security Module work and release planning
• Main forum for integration of security into other gLite Middleware
• EGEE and OSG interoperability
• EGEE/OSG/Naregi Meeting
• Interoperability work in GGF
Ongoing and future work
• OSG, EGEE collaboration
– GSI (Grid Security Infrastructure) / SSL Authentication
– Authorization Attributes
– Delegation
– Proxy renewal
– Authorization Policy statements
– What is needed for auditing
– What is needed for Accounting
• Service Specification
– All service interfaces should have written specifications
  Internal to service – documented with service
  Internal to project – documented with project
  Grid interoperation - GGF
MWSG meetings so far
• MWSG1, May 5-6 ’04, Gap Analysis - “MWSG kick-off”
• MWSG2, June 16-17 ’04, gLite Release Plan
• MWSG3, Aug 25 ’04, Security Architecture v1.0
• MWSG4, Oct 15 ’04, gLite development focus
• MWSG5, Feb 23-24 ’05, Workplan update
• MWSG at 3rd EGEE, EGEE/OSG/Naregi meeting
• MWSG6, Sept 14-15 ’05, OSG and EGEE formalizing the collaboration on security
• MWSG at 4th EGEE, April ’05
• MWSG7, Dec 14-15 ’05, New members, UNICORE presentation, Shib in EGEE
• MWSG8, March 7-8 ’06, GSVG, glexec on WN, VO naming, TONIC
• MWSG9 at SLAC, June 5-6 ’06, 1st OSG held MWSG meeting
Meetings are a mix of presentations, updates of current status, and technical discussions aimed at solving security issues and producing decisions regarding the evolving security architecture.
All presentations are available from http://agenda.cern.ch/displayLevel.php?fid=199
Joint Security Policy Group
The Joint Security Policy Group
• Creates/maintains security policy and procedures
– For use in EGEE, Large Hadron Collider Grid (LCG) and elsewhere
• Strong participation by USA Open Science Grid
• Growing participation by other EU Grid projects
– DEISA, Diligent, SEE-Grid, …
– BalticGrid, EELA, EUMedGrid, EUChinaGrid
• Aim for short, simple, interoperable policy documents
• Membership includes
– Site Security Officers
– Site/Resource Managers/Security Contact
– Security middleware experts/developer
– Deployment experts
– Application representatives/VO managers
EGEE/LCG Policy
[Diagram (picture from Ian Neilson): the EGEE/LCG policy set, with boxes: Security & Availability Policy; Grid Acceptable Use Policy; Certification Authorities; Audit Requirements; Incident Response; User Registration & VO Management; Application Development & Network Admin Guide; VO Acceptable Use Policy.]
JSPG Meetings, Web etc
• Meetings - Agenda, presentations, minutes etc
http://agenda.cern.ch/displayLevel.php?fid=68
• JSPG Web site
http://proj-lcg-security.web.cern.ch/
• Policy documents at
http://cern.ch/proj-lcg-security/documents.html
• All policy documents are currently being revised
– To make simpler, more general and interoperable
Current SCG activity
- In parallel with the overall SCG work, the SCG is to coordinate a new security auditing activity. This activity will monitor both operations and middleware for security issues and report periodically on status and progress of the issues identified
- The security audit will coordinate with the work done by the Grid Security Vulnerability Group
- In addition to the ongoing collaborations (see table below) we have industrial partners installing gLite internally, applying internal security audits reporting back to EGEE. E.g. CNAF (French Space Agency).
- Current status: agreed plan due end of June; ongoing discussions with partners
Activity | Partner
Security audits, tools, policy documents review | BARC - India
Ethical hacking audits | PriceWaterhouseCoopers - Switzerland
Additional input on middleware security, policy and organization | Non-EGEE members in the joint security groups (MWSG, JSPG - mainly OSG input)
Security Service Challenges testing the ability to operationally respond to incidents | EGEE: Pal Anderssen (SA1) is coordinating the Security Service Challenges
Links and events
SCG related links
– SCG web page: http://zope.pdc.kth.se/scg
– SCG and MWSG meetings: http://agenda.cern.ch/displayLevel.php?fid=891
– JSPG: http://proj-lcg-security.web.cern.ch
– EGEE web page: http://www.eu-egee.org
– gLite web page: http://glite.web.cern.ch/glite
SCG related events in June 2006
– 9th MWSG meeting, June 5-6, SLAC, USA
– EGEE Workshop on Management of Rights in Production Grids at HPDC-15, June 19, Paris, France
– SCG meeting on Security Auditing coordination, June