Open science grid its security technical group
This presentation is the property of its rightful owner.
Sponsored Links
1 / 14

Open Science Grid & its Security Technical Group PowerPoint PPT Presentation


  • 106 Views
  • Uploaded on
  • Presentation posted in: General

Open Science Grid & its Security Technical Group. ESCC22 Jul 2004 Bob Cowles [email protected] Open Science Grid.

Download Presentation

Open Science Grid & its Security Technical Group

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Open science grid its security technical group

Open Science Grid& its Security Technical Group

ESCC22 Jul 2004

Bob Cowles

[email protected]


Open science grid

Open Science Grid

  • Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will

    • Include the US contribution to LCG

    • be Open from the start to other experiments and other sciences

    • Work and interoperates with the Grid infrastructure provided through EGEE

    • Evolve Grid3 to Open Science Grid for Production

  • Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc…

ESCC - OSG & SecWG


Towards a coherent sustained production grid infrastructure

Towards a coherent sustained production Grid infrastructure

  • A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis.

  • Start from the needs of our experiments today

  • End-to-end approach delivering to requirements and schedule of participating application communities.

  • A framework for a coherent system approach through joint projects across the members.

  • Cooperation across DOE & NSF, Universities and Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development

ESCC - OSG & SecWG


Egee osg partnership

EGEE- OSG Partnership

L. Bauerdick, L.Robertson

ESCC - OSG & SecWG


Babar run ii samgrid us testbeds grid3 an evolution

BaBar, Run II SAMGrid, US Testbeds, Grid3, …an evolution

  • Babar data distribution with GridFTP & SRB

  • CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25sites.

  • LIGO DataGrid for a coherent and uniform LIGO data analysis environment

  • Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3.

    • In use for US ATLAS DC2. US CMS gained 50% in overall throughput for 17Million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators.

D0 files transferred

ESCC - OSG & SecWG


Consortium architecture

Consortium Architecture

Campus, Labs

Technical

Groups

0…n (small)

Service

Providers

Consortium Board

(1)

Sites

Researchers

VO Org

Joint committees

(0…N small)

activity

1

Research

Grid Projects

activity

1

activity

1

activity

0…N (large)

Enterprise

Participants provide:

resources, management,

project steering groups

OSG Process Framework

ESCC - OSG & SecWG


Open science grid 0

Open Science Grid-0

  • First Iteration of Production Infrastructure.

  • Goal to Launch in Feb ‘05.

  • Aligned with PPDG Laboratory Grid milestone

  • Will evolve from Grid3.

  • Blueprint giving guiding Principles and Technology Roadmap feeding into OSG-0 plans.

  • Most significant evolution from Grid3 is addition of Storage Services - Persistent at DOE Laboratories - Durable & Transient in many places- to common infrastructure.

ESCC - OSG & SecWG


Security technical group

Security Technical Group

  • Started from an Evolution of PPDG SiteAA group

  • Reports to the OSG Collaboration Board - a broad mail list [email protected]

  • Sponsoring Incident Response Activity

  • Extended membership with participants from Universities, TeraGrid and Earth System Grid:

    Bob Cowles (SLAC), Dane Skow (Fermilab),

    Mike Helm (ESNET), Doug Pearson (Indiana,

    iVDGL/iGOC), Von Welch (NCSA),

    Remy Evard (ANL), Tom Throwe (BNL),

    Doug Olson (LBNL), Veronika Nefedova (ESG)

ESCC - OSG & SecWG


Security technical group mission

Security Technical Group-Mission

  • The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include:

    • Negotiation of common security principles and expectations for security across the Consortium.

    • Development and oversight of common requirements and architecture for security management across the Consortium.◦

    • Identification of necessary projects and work needed for a coherent, complete Security infrastructure on the common grid.

    • Interoperability of Security infrastructure across different administrative domains, initially OSG and EGEE through the LCG Joint Security Group.

    • Publish information about security

  • Scope explicitly includes cooperation with the EGEE/LCG peer groups.

ESCC - OSG & SecWG


Issues on the table to date

Issues on the Table to Date

  • “Top ten” list ++

  • How to organize ourselves

    • acting as both Joint Security Group + JRA3 + MWSG

    • how to have an impact

    • first priorities

  • How to collaborate effectively with

    • Joint Security Group

    • JRA3

ESCC - OSG & SecWG


General tasks

General tasks

  • Security deliverables

    • Authorization

    • One time password cross-site implementation

  • Coordination

    • across PPDG Projects, Experiments, Sites

    • with other grid projects, e.g. EGEE, ?

  • Operational Policies

    • Guides and Procedures for Sites including incident response and contact lists

ESCC - OSG & SecWG


Coordination

Coordination

  • Developer’s Guide

  • Installation & Configuration Guide

ESCC - OSG & SecWG


Operational policies

Operational Policies

  • Cross-site federated authentication

  • Incident warning

    • Credential compromise

    • Machine / service compromise

    • Cross-grid reporting and warning

  • Incident Response

    • Action or information clearinghouse?

    • Higher-level reporting responsibilities?

ESCC - OSG & SecWG


Deliverables

Deliverables

  • Authorization

    • SAzP (Simple AuthZ Protocol) definition and document guide for application development

  • Cross-site OTP

    • Generalize to federated authentication?

      • OTP

      • Kerberos

      • X.509 certificates

    • Policies & procedures for sites to follow

    • Actual implementation

ESCC - OSG & SecWG


  • Login