Uk contributions to edg security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 10

UK contributions to EDG Security PowerPoint PPT Presentation


  • 89 Views
  • Uploaded on
  • Presentation posted in: General

UK contributions to EDG Security. Linda Cornwall, GridPP Middleware Meeting 24 th February 2003. Introduction. Security is important – without security the grid will fail. Yet Security is not a separate WP in EDG

Download Presentation

UK contributions to EDG Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Uk contributions to edg security

UK contributions to EDG Security

Linda Cornwall, GridPP Middleware Meeting

24th February 2003


Introduction

Introduction

  • Security is important – without security the grid will fail.

  • Yet Security is not a separate WP in EDG

  • Security is not entirely about middleware – but is closely tied to middleware and middleware deployment.

  • Security is about policy, deployment, operations.

  • As well as depending on the middleware tools to carry these out.


Uk s main contributions

UK’s main Contributions

  • DataGrid Security Co-ordination Group – Lead by David Kelsey (RAL)

  • Certificate Authorities Working Group – Lead by David Kelsey (RAL)

  • UK CA at the CLRC e-science centre.

  • BaBar VO (Virtual Organization)

  • Security Middleware development by Andrew McNab (Manchester)

  • Security Analysis by Gavin Lowe and Philippa Broadfoot (Oxford)


Edg security coordination group scg

EDG Security Coordination Group (SCG)

  • Started in January 2002 (1 year into the DataGrid project)

  • Mandate:-

    • To Produce the EU deliverables of WP7 on Security.

    • To help co-ordinate, where necessary, the various Security activities taking place in WP’s 1 to 5 and WP7.

    • To liase with WP6 CA and Authorization groups, national Grid Projects and Globus

    • To contribute to the various versions of the Architecture of the EU DataGrid via input to ATF.


Scg deliverable documents

SCG Deliverable Documents

  • D7.5 (EDG Security Requirements and Testbed 1 Security Implementation) edited and largely written by RAL (Linda Cornwall) Contributions from various WP’s, major contributions from the Oxford team.

  • D7.6 (EDG Security Design) – currently in preparation, major contributions from UK people (Manchester, RAL, Oxford.)

  • D7.7 (Security Report on the final project release) (due end of 2003).


Certificate authorities ca s

Certificate Authorities (CA’s)

  • The CA WG has defined the minimum requirements and best practise for CA’s

  • Approx 20 edg CA’s

  • (Easy downloading of CA rpm’s to set up acceptance of various CA’s certificates, tools for keeping CRL’s up to date.)

  • Building intercontinental and inter-project trust – e.g. Crossgrid

  • Interoperability with Kerberos CA’s. In particular Fermilab


Security deployment

Security Deployment

  • VOMS (Virtual Organization Management Service) will not be deployed until April

    • (VOMS signs a user’s proxy to confirm membership and roles within a Virtual Organisation.)

  • Many of the WP’s are only now integrating Security into their middleware

  • Difficult to feed into GridPP due to deployment being close to the end of GridPP.


Security and gridpp2 middleware

Security and GridPP2 Middleware

  • Re-Engineering Middleware to move towards Service/Industrial quality. (FP6)

  • Re-engineering security middleware for interoperability between different systems.

  • Improving Security integration with GridPP developed middleware.

    • Integrating security that is being developed

    • Integrating Security that has been re-engineered.

    • Possibly Making Security OGSA compliant.

    • E.g. R-GMA at RAL.


Security middleware analysis

Security Middleware Analysis

  • 2 aspects

    • Is the design secure?

    • Is the implementation secure?

  • It is possible to carry out a formal analysis of Security Design, there are experts in this at Oxford.

  • So far, have not been able to complete this – as the design has not been defined precisely enough to fully carry out this analysis.


Future security involvement

Future Security Involvement

  • GridPP2 needs to be involved in Security to ensure

    • Middleware is secure

    • Middleware is adequate to satisfy requirements

    • Our policies are defined correctly

    • Sites have confidence in our Security

    • We feed into other major projects - EGEE, LCG

    • We contribute at an international/intercontinental level to the definition of standards. E.g. GGF.

  • Focus will move towards Procedures and Deployment

  • David Kelsey has been asked to lead the Security Group for LCG grid deployment policy.


  • Login