Home : Site Map : Contact Us : Management : Wiki : Intranet

Security policies

The grid security policies are prepared and maintained by the Joint Security Policy Group (JSPG) (http://cern.ch/proj-lcg-security), approved by management and thereby endorsed and adopted by the Grid as a whole.

Please note: It was agreed by the Grid Deployment Board (GDB) at a meeting on 13th January, 2004 that all LCG Policy documents remain valid until such time as they are updated.

The following are links to the most uptodate LCG/EGEE Joint Security Policy Group policies.

The core set:

• Grid Acceptable Use Policy (Policy Status: Released)
This is a one page policy file for ALL grid users. Users must accept and agree to abide by Acceptable User Policy (AUP) before they can use the services and resources provided by the grid. All grid users should read this policy file. The APPROVED version of this document is available at https://edms.cern.ch/document/428036


• Virtual Organisation Security Policy (Policy Status: Released)
This policy defines a set of responsibilities placed on the members of the VO and the VO as a whole through its managers. It aims to ensure that all Grid participants have sufficient information to properly fulfil their roles with respect to interactions with a Virtual Organisation (VO). You should read this policy if you want to register a new VO, or you are VO management and/or you are ordinary VO members. The APPROVED version of this policy is available at https://edms.cern.ch/file/573348/LAST_RELEASED/VO_Security_Policy.pdf .



Sub-policy set:

• Approval of Certification Authorities (Policy Status: Released)
This policy descibes the procedure by which the list of trusted Certification Authorities for use in LCG, EGEE and OSG should be created and maintained. The APPROVED version of this document is available at https://edms.cern.ch/document/428038


• Audit Requirements Policy (Policy Status: Released)
This policy specifies the minimal requirement of audit data retention at a Grid resource provider in order to map Grid Service Requests to the executables and identities that initiate them. The APPROVED version of this document is available at https://edms.cern.ch/file/428037/LAST_RELEASED/LCG_Audit_Requirements.pdf

The most recent in working version of this document is available at https://edms.cern.ch/document/428037

• Grid Security Incident Response Policy (Policy Status: Released)
  This policy adopts the Grid Security Incident Handling and Response Guide developed by the Open Science Grid Consortium (OSG). Grid site security contacts, security officers and site administrators should read this policy and fully aware of security incidient handling procedure specified in this document. It is expected that this policy document will be supplemented by project-, site- or ROC-specified incident handling procedure(s). For example, the EGEE Operational Security Coordination Team (OSCT) has recently released EGEE Incident Response Procedure, which is based on this policy.
  
  
• Site Registration Policy & Procedure(Policy Status: Released)
  This policy specifies the site registration procedure (how to join the Grid) and what information a candidate site must provide when participating the Grid. The APPROVED version of this document is available at https://edms.cern.ch/document/503198
• User Registration and VO Membership Management Policy (Policy Status: Released)
  This policy specifies the requirements and procedures for user registration and Virtual Organization (VO) management. VO managers and administrators need to read this policy. The APPROVED version of this document is available at https://edms.cern.ch/document/428034
  
  
• Virtual Organisation Operations Policy (Policy Status: In Work)
  This is a one page policy specifying requirements and responsibilities of a Virtual Organization (VO). A VO must agree the conditions specified in this policy before it can join the Grid. The most recent version of this document is available at https://edms.cern.ch/document/853968
  
• Policy on Grid Multi-User Pilot Jobs (Policy Status: In Work)
  This policy specifies the responsibilities of a VO and the member of the VO who is able to submits pilot jobs, and the conditions that a pilot job must meet. It is required that each of authorised pilot job owners should sign this policy. The most recent version of this document is available at https://edms.cern.ch/document/855383/
  
  

More information about JSPG:

    JSPG Meetings: http://indico.cern.ch/categoryDisplay.py?categId=68
    JSPG Website: http://proj-lcg-security.web.cern.ch

Other Security-related documentations

---

Last modified Fri 19 October 2007

---

Switch to HTTPS . Website Help . Print View . Built with GridSite 1.4.3