David Groep, Nikhef, Amsterdam, PDP & Grid
Some Comments on “Problem description for non-proliferation issues in Grids”
Joint Security Policy Group, 7 December 2009
Following from an EGI Council Input Document
IPM and the CMS collaboration
LCG-CatchAll event
Founding a national CA
IGTF Distribution Release v1.22
On Those Who Must Not Be Named
Differentiating Authentication & Authorization
◦ ... again (June 2009)
History
New document (27 Nov 2009)
Problem description for non-proliferation issues in Grids
W. Juling (KIT and DFN), K. Schauerhammer (DFN), M. Spiro (CNRS and IN2P3), K. Ullmann (DFN), D. Vandromme (Renater)
Sent to EGI Council
Describing the Issue
I. Local distribution (i.e. in one legal organisation for example in a university),
II. National distribution (i.e. in several legal organisations but all these organisations in one national legal area (i.e. country)) or
III. International distribution (same as national but the machines are distributed over several national legal areas (i.e. countries)).
Scenarios considered
from the document
1. What does in legal terms define a VO in scenario II and III? What is the liability of a VO?
2. What is the minimum necessary for the formulation of a common (to that Grid) legal framework for the contractual relation between a VO and the consortium of resource providers covering UN Security Council resolutions for scenario II (national Grid)?
3. What is the minimum necessary for the formulation of a common (to that Grid) legal framework for the contractual relation between a VO and the consortium of resource providers covering UN embargo decisions for scenario III (international Grid)?
4. What is the liability of a “responsible person” as defined in II and III?
Problems identified in II and III
from the document
A possible track for an implementation of these ideas could be the following model:
a) An individual charter of good conduct signed by the user (as a person) and its employer: this would allow the employer to take measures in case of misconduct of the user of the GRID. Often such issues may be covered already in the employment contracts.
b) A charter of good conduct between a VO and its users
c) A MoU signed by each VO and the resource providers / resource provider consortium where the VO manager through national VO representatives commits to monitor the use of resources for the application the VO is responsible of, and where the resource providers commit for the site non vulnerability and security.
Finally the NGI could monitor the functioning of this machinery in each country.
Possible implementation
from the document
Responsibilities Arising
from the document
AuthN and AuthZ got their proper place!
Responsibilities roughly resemble current policy
Good inventory of issues, likely supported by Council
We can’t suppress the issue anymore, it seems
Proposed “MoU” for the VOs
◦ Potential to be extremely heavy and scare user communities away
◦ Do all VOs have ‘national VO representatives’?
◦ Compulsory monitoring by VO managers?
◦ Proposed ‘commitment’ by sites unachievable
◦ NGI gets a role, but can it take this responsibility?
High potential for ‘back-pollution’ NGIs and Sites
Special role for NPT in Statutes is rather ‘weird’
The Good and the Improvable
Anticipate responsibility scheme?
Disseminate JSPG policy set?
Encourage a realistic approach to VO responsibilities?
Introduce ‘home grid’ for VOs to ease VO registration?
Come up with a more generic statement regarding permitted use of EGI
◦ Keeping in mind differences between National Legal Areas
◦ Scoping it to EGI and cross-national VOs
◦ Make the Statutes clause less ‘obviously targeted’
Continue to be vigilant: is banning ‘dual use codes’ next?
What to do?