Download
1 / 5
50 likes | 70 Views
This update discusses the progress made in WP6 Security, including agreeing on CP/CPS standards and configuration via WP6 distribution/installation. It also covers instructions for users, open issues, and authorization for Testbed1.
E N D
DataGrid WP6 Security4 July 2001 David KelseyCLRC/RAL, UKd.p.kelsey@rl.ac.uk D.P.Kelsey, EDG WP6 Security
CA sub-group • WP6 CA group meeting 5th June (CERN) • Progress is good • Work on agreeing each others CP/CPS • Agreed list of minimum standards for a CA • For current list of CA’s see WP6 web • Discussions under way with Russia • Configuration via WP6 distribution/installation • Aim to phase out use of Globus certs before Testbed1 • Next meeting – end August/NIKHEF – continue work on agreeing CP/CPS D.P.Kelsey, EDG WP6 Security
Instructions for Users • Request a certificate from their own national CA • Request to WP8-10 for a GRID “account” • Stating resources/sites required • Application must be approved by WP8-10 • Cannot support unlimited users at M9 • WP8-10 forwards to WP6 (Sophie Nicoud) • WP6 will arrange for the appropriate accounts to be created • Sites should agree with WP6 what forms are required D.P.Kelsey, EDG WP6 Security
Open issues • What if no national CA? • User needs to find a CA that will issue certs • CERN for CERN users? (ask CERN) • Who can issue host certificates? • ESA (via CNRS?) • USA (investigating for Globus) • What about GriPhyN, PPDG? • Operational issues • Audit, log, track incidents, report problems D.P.Kelsey, EDG WP6 Security
Authorisation for Testbed1 • WP Executive has proposed formation of an Authorisation Group • Roberto Cecchini/INFN as leader • Solutions for Testbed1 • LDAP directory of Users/Groups and tool to fill grid mapfile (Francesco Giacomini) • Patch to Globus code to support dynamic user accounts in mapfile (Andrew McNab) • See Security session 1 yesterday afternoon D.P.Kelsey, EDG WP6 Security
