Open Science Grid & its Security Technical Group. ESCC 22 Jul 2004 Bob Cowles bob.cowles@slac.stanford.edu. Open Science Grid.
Open Science Grid
• Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will
• Include the US contribution to LCG
• Be open from the start to other experiments and other sciences
• Work and interoperate with the Grid infrastructure provided through EGEE
• Evolve Grid3 to Open Science Grid for Production
• Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc.
ESCC - OSG & SecWG
Towards a coherent sustained production Grid infrastructure
• A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis.
• Start from the needs of our experiments today
• End-to-end approach delivering to requirements and schedule of participating application communities.
• A framework for a coherent system approach through joint projects across the members.
• Cooperation across DOE & NSF, Universities and Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development
EGEE-OSG Partnership
L. Bauerdick, L. Robertson
BaBar, Run II SAMGrid, US Testbeds, Grid3, … an evolution
• BaBar data distribution with GridFTP & SRB
• CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25 sites.
• LIGO DataGrid for a coherent and uniform LIGO data analysis environment
• Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3.
• In use for US ATLAS DC2. US CMS gained 50% in overall throughput for 17 million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators.
[Figure: D0 files transferred]
Consortium Architecture
[Diagram labels: Campus, Labs; Technical Groups 0…n (small); Service Providers; Consortium Board (1); Sites; Researchers; VO Org; Joint committees (0…N small); Research Grid Projects; activity 1 … activity 0…N (large); Enterprise]
Participants provide: resources, management, project steering groups
OSG Process Framework
Open Science Grid-0
• First Iteration of Production Infrastructure.
• Goal to Launch in Feb ’05.
• Aligned with PPDG Laboratory Grid milestone
• Will evolve from Grid3.
• Blueprint giving guiding Principles and Technology Roadmap feeding into OSG-0 plans.
• Most significant evolution from Grid3 is addition of Storage Services (Persistent at DOE Laboratories, Durable & Transient in many places) to common infrastructure.
Security Technical Group
• Started from an Evolution of PPDG SiteAA group
• Reports to the OSG Collaboration Board - a broad mail list osg@opensciencegrid.org
• Sponsoring Incident Response Activity
• Extended membership with participants from Universities, TeraGrid and Earth System Grid: Bob Cowles (SLAC), Dane Skow (Fermilab), Mike Helm (ESNET), Doug Pearson (Indiana, iVDGL/iGOC), Von Welch (NCSA), Remy Evard (ANL), Tom Throwe (BNL), Doug Olson (LBNL), Veronika Nefedova (ESG)
Security Technical Group - Mission
• The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include:
• Negotiation of common security principles and expectations for security across the Consortium.
• Development and oversight of common requirements and architecture for security management across the Consortium.
• Identification of necessary projects and work needed for a coherent, complete Security infrastructure on the common grid.
• Interoperability of Security infrastructure across different administrative domains, initially OSG and EGEE through the LCG Joint Security Group.
• Publish information about security
• Scope explicitly includes cooperation with the EGEE/LCG peer groups.
Issues on the Table to Date
• “Top ten” list ++
• How to organize ourselves
• acting as both Joint Security Group + JRA3 + MWSG
• how to have an impact
• first priorities
• How to collaborate effectively with
• Joint Security Group
• JRA3
General tasks
• Security deliverables
• Authorization
• One time password cross-site implementation
• Coordination
• across PPDG Projects, Experiments, Sites
• with other grid projects, e.g. EGEE, ?
• Operational Policies
• Guides and Procedures for Sites including incident response and contact lists
Coordination
• Developer’s Guide
• Installation & Configuration Guide
Operational Policies
• Cross-site federated authentication
• Incident warning
• Credential compromise
• Machine / service compromise
• Cross-grid reporting and warning
• Incident Response
• Action or information clearinghouse?
• Higher-level reporting responsibilities?
Deliverables
• Authorization
• SAzP (Simple AuthZ Protocol) definition and document guide for application development
• Cross-site OTP
• Generalize to federated authentication?
• OTP
• Kerberos
• X.509 certificates
• Policies & procedures for sites to follow
• Actual implementation