Open Science Grid & Its Security Technical Group, ESCC, 22 Jul 2004, Bob Cowles...
22 Jul 2004 ESCC - OSG & SecWG 2
Open Science Grid
Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will:
- Include the US contribution to LCG
- Be Open from the start to other experiments and other sciences
- Work and interoperate with the Grid infrastructure provided through EGEE
- Evolve Grid3 to Open Science Grid for Production
Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc…
Towards a coherent sustained production Grid infrastructure
- A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis.
- Start from the needs of our experiments today
- End-to-end approach delivering to requirements and schedule of participating application communities.
- A framework for a coherent system approach through joint projects across the members.
- Cooperation across DOE & NSF, Universities and Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development
EGEE-OSG Partnership
L. Bauerdick, L. Robertson
BaBar, Run II SAMGrid, US Testbeds, Grid3, …an evolution
- BaBar data distribution with GridFTP & SRB
- CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25 sites.
- LIGO DataGrid for a coherent and uniform LIGO data analysis environment
- Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3. In use for US ATLAS DC2. US CMS gained 50% in overall throughput for 17 million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators.
D0 files transferred
Consortium Architecture
[Diagram: OSG Process Framework. Labels in the figure: Enterprise; Technical Groups, 0…n (small); Consortium Board (1); ResearchGrid Projects; VO Org; Researchers; Sites; Service Providers; Campus, Labs; activity / 1 (repeated), 0…N (large); Joint committees (0…N small). Participants provide: resources, management, project steering groups.]
Open Science Grid-0
- First Iteration of Production Infrastructure.
- Goal to Launch in Feb ‘05.
- Aligned with PPDG Laboratory Grid milestone
- Will evolve from Grid3.
- Blueprint giving guiding Principles and Technology Roadmap feeding into OSG-0 plans.
- Most significant evolution from Grid3 is addition of Storage Services (Persistent at DOE Laboratories; Durable & Transient in many places) to common infrastructure.
Security Technical Group
- Started from an Evolution of PPDG SiteAA group
- Reports to the OSG Collaboration Board - a broad mail list [email protected]
- Sponsoring Incident Response Activity
- Extended membership with participants from Universities, TeraGrid and Earth System Grid: Bob Cowles (SLAC), Dane Skow (Fermilab), Mike Helm (ESNET), Doug Pearson (Indiana, iVDGL/iGOC), Von Welch (NCSA), Remy Evard (ANL), Tom Throwe (BNL), Doug Olson (LBNL), Veronika Nefedova (ESG)
Security Technical Group-Mission
The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include:
- Negotiation of common security principles and expectations for security across the Consortium.
- Development and oversight of common requirements and architecture for security management across the Consortium.
  - Identification of necessary projects and work needed for a coherent, complete Security infrastructure on the common grid.
- Interoperability of Security infrastructure across different administrative domains, initially OSG and EGEE through the LCG Joint Security Group.
- Publish information about security
Scope explicitly includes cooperation with the EGEE/LCG peer groups.
Issues on the Table to Date
- “Top ten” list ++
- How to organize ourselves
  - acting as both Joint Security Group + JRA3 + MWSG
  - how to have an impact
  - first priorities
- How to collaborate effectively with
  - Joint Security Group
  - JRA3
General tasks
- Security deliverables
  - Authorization
  - One time password cross-site implementation
- Coordination
  - across PPDG Projects, Experiments, Sites
  - with other grid projects, e.g. EGEE, ?
- Operational Policies
  - Guides and Procedures for Sites including incident response and contact lists
Coordination
- Developer’s Guide
- Installation & Configuration Guide
Operational Policies
- Cross-site federated authentication
- Incident warning
  - Credential compromise
  - Machine / service compromise
  - Cross-grid reporting and warning
- Incident Response
  - Action or information clearinghouse?
  - Higher-level reporting responsibilities?
Deliverables
- Authorization
  - SAzP (Simple AuthZ Protocol) definition and document guide for application development
- Cross-site OTP
  - Generalize to federated authentication?
    - OTP
    - Kerberos
    - X.509 certificates
  - Policies & procedures for sites to follow
  - Actual implementation