Uk contributions to edg security
1 / 10

UK contributions to EDG Security - PowerPoint PPT Presentation

  • Uploaded on

UK contributions to EDG Security. Linda Cornwall, GridPP Middleware Meeting 24 th February 2003. Introduction. Security is important – without security the grid will fail. Yet Security is not a separate WP in EDG

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' UK contributions to EDG Security ' - orpah

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Uk contributions to edg security

UK contributions to EDG Security

Linda Cornwall, GridPP Middleware Meeting

24th February 2003


  • Security is important – without security the grid will fail.

  • Yet Security is not a separate WP in EDG

  • Security is not entirely about middleware – but is closely tied to middleware and middleware deployment.

  • Security is about policy, deployment, operations.

  • As well as depending on the middleware tools to carry these out.

Uk s main contributions
UK’s main Contributions

  • DataGrid Security Co-ordination Group – Lead by David Kelsey (RAL)

  • Certificate Authorities Working Group – Lead by David Kelsey (RAL)

  • UK CA at the CLRC e-science centre.

  • BaBar VO (Virtual Organization)

  • Security Middleware development by Andrew McNab (Manchester)

  • Security Analysis by Gavin Lowe and Philippa Broadfoot (Oxford)

Edg security coordination group scg
EDG Security Coordination Group (SCG)

  • Started in January 2002 (1 year into the DataGrid project)

  • Mandate:-

    • To Produce the EU deliverables of WP7 on Security.

    • To help co-ordinate, where necessary, the various Security activities taking place in WP’s 1 to 5 and WP7.

    • To liase with WP6 CA and Authorization groups, national Grid Projects and Globus

    • To contribute to the various versions of the Architecture of the EU DataGrid via input to ATF.

Scg deliverable documents
SCG Deliverable Documents

  • D7.5 (EDG Security Requirements and Testbed 1 Security Implementation) edited and largely written by RAL (Linda Cornwall) Contributions from various WP’s, major contributions from the Oxford team.

  • D7.6 (EDG Security Design) – currently in preparation, major contributions from UK people (Manchester, RAL, Oxford.)

  • D7.7 (Security Report on the final project release) (due end of 2003).

Certificate authorities ca s
Certificate Authorities (CA’s)

  • The CA WG has defined the minimum requirements and best practise for CA’s

  • Approx 20 edg CA’s

  • (Easy downloading of CA rpm’s to set up acceptance of various CA’s certificates, tools for keeping CRL’s up to date.)

  • Building intercontinental and inter-project trust – e.g. Crossgrid

  • Interoperability with Kerberos CA’s. In particular Fermilab

Security deployment
Security Deployment

  • VOMS (Virtual Organization Management Service) will not be deployed until April

    • (VOMS signs a user’s proxy to confirm membership and roles within a Virtual Organisation.)

  • Many of the WP’s are only now integrating Security into their middleware

  • Difficult to feed into GridPP due to deployment being close to the end of GridPP.

Security and gridpp2 middleware
Security and GridPP2 Middleware

  • Re-Engineering Middleware to move towards Service/Industrial quality. (FP6)

  • Re-engineering security middleware for interoperability between different systems.

  • Improving Security integration with GridPP developed middleware.

    • Integrating security that is being developed

    • Integrating Security that has been re-engineered.

    • Possibly Making Security OGSA compliant.

    • E.g. R-GMA at RAL.

Security middleware analysis
Security Middleware Analysis

  • 2 aspects

    • Is the design secure?

    • Is the implementation secure?

  • It is possible to carry out a formal analysis of Security Design, there are experts in this at Oxford.

  • So far, have not been able to complete this – as the design has not been defined precisely enough to fully carry out this analysis.

Future security involvement
Future Security Involvement

  • GridPP2 needs to be involved in Security to ensure

    • Middleware is secure

    • Middleware is adequate to satisfy requirements

    • Our policies are defined correctly

    • Sites have confidence in our Security

    • We feed into other major projects - EGEE, LCG

    • We contribute at an international/intercontinental level to the definition of standards. E.g. GGF.

  • Focus will move towards Procedures and Deployment

  • David Kelsey has been asked to lead the Security Group for LCG grid deployment policy.