1 / 10

UK contributions to EDG Security

UK contributions to EDG Security. Linda Cornwall, GridPP Middleware Meeting 24 th February 2003. Introduction. Security is important – without security the grid will fail. Yet Security is not a separate WP in EDG

orpah
Download Presentation

UK contributions to EDG Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. UK contributions to EDG Security Linda Cornwall, GridPP Middleware Meeting 24th February 2003

  2. Introduction • Security is important – without security the grid will fail. • Yet Security is not a separate WP in EDG • Security is not entirely about middleware – but is closely tied to middleware and middleware deployment. • Security is about policy, deployment, operations. • As well as depending on the middleware tools to carry these out.

  3. UK’s main Contributions • DataGrid Security Co-ordination Group – Lead by David Kelsey (RAL) • Certificate Authorities Working Group – Lead by David Kelsey (RAL) • UK CA at the CLRC e-science centre. • BaBar VO (Virtual Organization) • Security Middleware development by Andrew McNab (Manchester) • Security Analysis by Gavin Lowe and Philippa Broadfoot (Oxford)

  4. EDG Security Coordination Group (SCG) • Started in January 2002 (1 year into the DataGrid project) • Mandate:- • To Produce the EU deliverables of WP7 on Security. • To help co-ordinate, where necessary, the various Security activities taking place in WP’s 1 to 5 and WP7. • To liase with WP6 CA and Authorization groups, national Grid Projects and Globus • To contribute to the various versions of the Architecture of the EU DataGrid via input to ATF.

  5. SCG Deliverable Documents • D7.5 (EDG Security Requirements and Testbed 1 Security Implementation) edited and largely written by RAL (Linda Cornwall) Contributions from various WP’s, major contributions from the Oxford team. • D7.6 (EDG Security Design) – currently in preparation, major contributions from UK people (Manchester, RAL, Oxford.) • D7.7 (Security Report on the final project release) (due end of 2003).

  6. Certificate Authorities (CA’s) • The CA WG has defined the minimum requirements and best practise for CA’s • Approx 20 edg CA’s • (Easy downloading of CA rpm’s to set up acceptance of various CA’s certificates, tools for keeping CRL’s up to date.) • Building intercontinental and inter-project trust – e.g. Crossgrid • Interoperability with Kerberos CA’s. In particular Fermilab

  7. Security Deployment • VOMS (Virtual Organization Management Service) will not be deployed until April • (VOMS signs a user’s proxy to confirm membership and roles within a Virtual Organisation.) • Many of the WP’s are only now integrating Security into their middleware • Difficult to feed into GridPP due to deployment being close to the end of GridPP.

  8. Security and GridPP2 Middleware • Re-Engineering Middleware to move towards Service/Industrial quality. (FP6) • Re-engineering security middleware for interoperability between different systems. • Improving Security integration with GridPP developed middleware. • Integrating security that is being developed • Integrating Security that has been re-engineered. • Possibly Making Security OGSA compliant. • E.g. R-GMA at RAL.

  9. Security Middleware Analysis • 2 aspects • Is the design secure? • Is the implementation secure? • It is possible to carry out a formal analysis of Security Design, there are experts in this at Oxford. • So far, have not been able to complete this – as the design has not been defined precisely enough to fully carry out this analysis.

  10. Future Security Involvement • GridPP2 needs to be involved in Security to ensure • Middleware is secure • Middleware is adequate to satisfy requirements • Our policies are defined correctly • Sites have confidence in our Security • We feed into other major projects - EGEE, LCG • We contribute at an international/intercontinental level to the definition of standards. E.g. GGF. • Focus will move towards Procedures and Deployment • David Kelsey has been asked to lead the Security Group for LCG grid deployment policy.

More Related