1 / 9

Activities this trimester

Activities this trimester. 0.5 revision of Operational Security Plan Independently (from GPO) developing a clearinghouse concept Merging terminology and ideas with Aaron’s very similar formulation of a CH Drafting initial clearinghouse policy/plans/agreement. Operation Security Plan.

leonard-alvarado
Download Presentation

Activities this trimester

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Activities this trimester • 0.5 revision of Operational Security Plan • Independently (from GPO) developing a clearinghouse concept • Merging terminology and ideas with Aaron’s very similar formulation of a CH • Drafting initial clearinghouse policy/plans/agreement INSERT PROJECT REVIEW DATE

  2. Operation Security Plan • The goals (for inter-aggregate issues) • (1) recommend structure of an incident response team, • (2) set forth the basic processes for incident response, • (3) recommend actions to mitigate perceived risks. • Document is a bit ahead of its time • Needs funds to implement & governance to direct its execution • Prioritization of threat mitigations in the final section is relevant now, though. • Could guide funding of future projects & feedback is desired INSERT PROJECT REVIEW DATE

  3. Clearinghouse agreement or policy? • Less of an agreement between parties, more of a policy or directive for how CH will be operated • Depends heavily uponconcept of clearinghouse and federation as proposed here by GPO • Just as the CH is a trusted root, this document meant to be root for other policies or agreements • So Aggregate Provider Agreement is between AAs and clearinghouse (similarly for IdP agreements) • This creates a bridge between AAs, IdPs and users when there is a common set of policies and agreements associated with a common CH INSERT PROJECT REVIEW DATE

  4. Clearinghouse policy format • Definition of clearinghouse • Terms a little out of date with Aaron’s • Description of federation actors and needed agreements • Both existing and needed future agreements • Definition of services provided by CH and QoS • Policies for clearinghouse ops. INSERT PROJECT REVIEW DATE

  5. Needed GENI agreements/policies/plans • ✔Aggregate Provider Agreement • Needs terminology update, but pretty much done. • ✗Identity Provider Agreements • Will need with InCommon, PL, Emulab, etc • ✗Slice Registry Agreements • Might be rolled into IdPagreements? • ✗Project Leader Agreement • ✗Federation Charter • describe the governance structure of GENI and references all the federation agreements/policies INSERT PROJECT REVIEW DATE

  6. Needed GENI agreements/policies/plans • ✗Acceptable Use Policy • Base off of RUP, include opt-in user treatment • ✓Legal, Law Enforcement & Regulatory Plan • Needs a little updating of terminology • Clearinghouse Policy • Several questions still to answer, some must wait till implementation details emerge • Incident Response Plan • Next evolution of the operational security plan. • Loosely based off Open Science Grid • ✗ Certificate Authority Operational Policy • For any service issuing credentials INSERT PROJECT REVIEW DATE

  7. Clearinghouse services • Project registration/creation • Principal registration and revocation • Slice creation, registration & revocation • Resource discovery • Federation resource policy verification • E.g., does a grad student have more resources than some set limit? • Remember, aggregates still make the decision to grant resource requests, but some may only take requests proxied through the clearinghouse which verifies policy INSERT PROJECT REVIEW DATE

  8. Clearinghouse policies covered • Governance, from where does clearinghouse receive its directives and mission • Responsibilities CH has to GENI community • Conflict Resolution Process • E.g., an aggregate or other actor complains that an another aggregate has violated the agreement • Privacy policy for all info collected by CH • User attributes collected from IdPs • Data collected from aggregates • Need to know what allocations were actually granted • Certificate Authority policies INSERT PROJECT REVIEW DATE

  9. CH Policy feedback needed • What resource allocation policies might we have • Determines which attributes must be collected • If a slice was created elsewhere and registered at the clearinghouse, who can determine who has been given rights to act on a slice • Will the architecture allow us to determine anything other than the slice owner and project leader? • Do the definitions of 3 project sizes make sense? • What about the turnaround time for creating projects? • Do we need a committee to vet large projects? • And just general feedback please INSERT PROJECT REVIEW DATE

More Related