open science grid & its security technical group
DESCRIPTION
Open Science Grid & its Security Technical Group. ESCC22 Jul 2004 Bob Cowles [email protected]. Open Science Grid. - PowerPoint PPT PresentationTRANSCRIPT
![Page 2: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/2.jpg)
22 Jul 2004 ESCC - OSG & SecWG 2
Open Science Grid
Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will Include the US contribution to LCG be Open from the start to other experiments and other
sciences Work and interoperates with the Grid infrastructure
provided through EGEE Evolve Grid3 to Open Science Grid for Production
Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc…
![Page 3: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/3.jpg)
22 Jul 2004 ESCC - OSG & SecWG 3
Towards a coherent sustained production Grid infrastructure
A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis.
Start from the needs of our experiments today End-to-end approach delivering to requirements and
schedule of participating application communities. A framework for a coherent system approach through joint
projects across the members. Cooperation across DOE & NSF, Universities and
Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development
![Page 4: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/4.jpg)
22 Jul 2004 ESCC - OSG & SecWG 4
EGEE- OSG Partnership
L. Bauerdick, L.Robertson
![Page 5: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/5.jpg)
22 Jul 2004 ESCC - OSG & SecWG 5
BaBar, Run II SAMGrid, US Testbeds, Grid3, …an evolution
Babar data distribution with GridFTP & SRB
CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25sites.
LIGO DataGrid for a coherent and uniform LIGO data analysis environment
Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3. In use for US ATLAS DC2. US CMS gained
50% in overall throughput for 17Million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators.
D0 files transferred
![Page 6: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/6.jpg)
22 Jul 2004 ESCC - OSG & SecWG 6
Enterprise
Consortium Architecture
Technical Groups
0…n (small)
Consortium Board(1)
ResearchGrid Projects
VO Org
Researchers
Sites
Service Providers
Campus, Labs
activity1activity
1activity1activity
0…N (large)
Joint committees(0…N small)
Participants provide:resources, management,
project steering groups
OSG Process Framework
![Page 7: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/7.jpg)
22 Jul 2004 ESCC - OSG & SecWG 7
Open Science Grid-0
First Iteration of Production Infrastructure. Goal to Launch in Feb ‘05. Aligned with PPDG Laboratory Grid milestone Will evolve from Grid3. Blueprint giving guiding Principles and
Technology Roadmap feeding into OSG-0 plans. Most significant evolution from Grid3 is addition
of Storage Services - Persistent at DOE Laboratories - Durable & Transient in many places- to common infrastructure.
![Page 8: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/8.jpg)
22 Jul 2004 ESCC - OSG & SecWG 8
Security Technical Group
Started from an Evolution of PPDG SiteAA group Reports to the OSG Collaboration Board - a
broad mail list [email protected] Sponsoring Incident Response Activity Extended membership with participants from
Universities, TeraGrid and Earth System Grid:Bob Cowles (SLAC), Dane Skow (Fermilab),
Mike Helm (ESNET), Doug Pearson (Indiana, iVDGL/iGOC), Von Welch (NCSA), Remy Evard (ANL), Tom Throwe (BNL), Doug Olson (LBNL), Veronika Nefedova (ESG)
![Page 9: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/9.jpg)
22 Jul 2004 ESCC - OSG & SecWG 9
Security Technical Group-Mission
The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include: Negotiation of common security principles and expectations for
security across the Consortium. Development and oversight of common requirements and
architecture for security management across the Consortium.◦ Identification of necessary projects and work needed for a
coherent, complete Security infrastructure on the common grid. Interoperability of Security infrastructure across different
administrative domains, initially OSG and EGEE through the LCG Joint Security Group.
Publish information about security Scope explicitly includes cooperation with the
EGEE/LCG peer groups.
![Page 10: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/10.jpg)
22 Jul 2004 ESCC - OSG & SecWG 10
Issues on the Table to Date
“Top ten” list ++ How to organize ourselves
acting as both Joint Security Group + JRA3 + MWSG
how to have an impact first priorities
How to collaborate effectively with Joint Security Group JRA3
![Page 11: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/11.jpg)
22 Jul 2004 ESCC - OSG & SecWG 11
General tasks
Security deliverables Authorization One time password cross-site implementation
Coordination across PPDG Projects, Experiments, Sites with other grid projects, e.g. EGEE, ?
Operational Policies Guides and Procedures for Sites including incident
response and contact lists
![Page 12: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/12.jpg)
22 Jul 2004 ESCC - OSG & SecWG 12
Coordination
Developer’s Guide Installation & Configuration Guide
![Page 13: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/13.jpg)
22 Jul 2004 ESCC - OSG & SecWG 13
Operational Policies
Cross-site federated authentication Incident warning
Credential compromise Machine / service compromise Cross-grid reporting and warning
Incident Response Action or information clearinghouse? Higher-level reporting responsibilities?
![Page 14: Open Science Grid & its Security Technical Group](https://reader036.vdocument.in/reader036/viewer/2022081506/56814930550346895db66fd5/html5/thumbnails/14.jpg)
22 Jul 2004 ESCC - OSG & SecWG 14
Deliverables
Authorization SAzP (Simple AuthZ Protocol) definition and document guide
for application development Cross-site OTP
Generalize to federated authentication? OTP Kerberos X.509 certificates
Policies & procedures for sites to follow Actual implementation