1 / 14

Open Science Grid & its Security Technical Group

Open Science Grid & its Security Technical Group. ESCC 22 Jul 2004 Bob Cowles bob.cowles@slac.stanford.edu. Open Science Grid.

karl
Download Presentation

Open Science Grid & its Security Technical Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Open Science Grid& its Security Technical Group ESCC 22 Jul 2004 Bob Cowles bob.cowles@slac.stanford.edu

  2. Open Science Grid • Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will • Include the US contribution to LCG • be Open from the start to other experiments and other sciences • Work and interoperates with the Grid infrastructure provided through EGEE • Evolve Grid3 to Open Science Grid for Production • Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc… ESCC - OSG & SecWG

  3. Towards a coherent sustained production Grid infrastructure • A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis. • Start from the needs of our experiments today • End-to-end approach delivering to requirements and schedule of participating application communities. • A framework for a coherent system approach through joint projects across the members. • Cooperation across DOE & NSF, Universities and Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development ESCC - OSG & SecWG

  4. EGEE- OSG Partnership L. Bauerdick, L.Robertson ESCC - OSG & SecWG

  5. BaBar, Run II SAMGrid, US Testbeds, Grid3, …an evolution • Babar data distribution with GridFTP & SRB • CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25sites. • LIGO DataGrid for a coherent and uniform LIGO data analysis environment • Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3. • In use for US ATLAS DC2. US CMS gained 50% in overall throughput for 17Million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators. D0 files transferred ESCC - OSG & SecWG

  6. Consortium Architecture Campus, Labs Technical Groups 0…n (small) Service Providers Consortium Board (1) Sites Researchers VO Org Joint committees (0…N small) activity 1 Research Grid Projects activity 1 activity 1 activity 0…N (large) Enterprise Participants provide: resources, management, project steering groups OSG Process Framework ESCC - OSG & SecWG

  7. Open Science Grid-0 • First Iteration of Production Infrastructure. • Goal to Launch in Feb ‘05. • Aligned with PPDG Laboratory Grid milestone • Will evolve from Grid3. • Blueprint giving guiding Principles and Technology Roadmap feeding into OSG-0 plans. • Most significant evolution from Grid3 is addition of Storage Services - Persistent at DOE Laboratories - Durable & Transient in many places- to common infrastructure. ESCC - OSG & SecWG

  8. Security Technical Group • Started from an Evolution of PPDG SiteAA group • Reports to the OSG Collaboration Board - a broad mail list osg@opensciencegrid.org • Sponsoring Incident Response Activity • Extended membership with participants from Universities, TeraGrid and Earth System Grid: Bob Cowles (SLAC), Dane Skow (Fermilab), Mike Helm (ESNET), Doug Pearson (Indiana, iVDGL/iGOC), Von Welch (NCSA), Remy Evard (ANL), Tom Throwe (BNL), Doug Olson (LBNL), Veronika Nefedova (ESG) ESCC - OSG & SecWG

  9. Security Technical Group-Mission • The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include: • Negotiation of common security principles and expectations for security across the Consortium. • Development and oversight of common requirements and architecture for security management across the Consortium.◦ • Identification of necessary projects and work needed for a coherent, complete Security infrastructure on the common grid. • Interoperability of Security infrastructure across different administrative domains, initially OSG and EGEE through the LCG Joint Security Group. • Publish information about security • Scope explicitly includes cooperation with the EGEE/LCG peer groups. ESCC - OSG & SecWG

  10. Issues on the Table to Date • “Top ten” list ++ • How to organize ourselves • acting as both Joint Security Group + JRA3 + MWSG • how to have an impact • first priorities • How to collaborate effectively with • Joint Security Group • JRA3 ESCC - OSG & SecWG

  11. General tasks • Security deliverables • Authorization • One time password cross-site implementation • Coordination • across PPDG Projects, Experiments, Sites • with other grid projects, e.g. EGEE, ? • Operational Policies • Guides and Procedures for Sites including incident response and contact lists ESCC - OSG & SecWG

  12. Coordination • Developer’s Guide • Installation & Configuration Guide ESCC - OSG & SecWG

  13. Operational Policies • Cross-site federated authentication • Incident warning • Credential compromise • Machine / service compromise • Cross-grid reporting and warning • Incident Response • Action or information clearinghouse? • Higher-level reporting responsibilities? ESCC - OSG & SecWG

  14. Deliverables • Authorization • SAzP (Simple AuthZ Protocol) definition and document guide for application development • Cross-site OTP • Generalize to federated authentication? • OTP • Kerberos • X.509 certificates • Policies & procedures for sites to follow • Actual implementation ESCC - OSG & SecWG

More Related