Security Updates
Tue 8 Sep 2009
Over the summer the UK has been preparing for the imminent switch-on of the LHC. Of course the grid is no longer for the sole use of crunching numbers for the LHC, and new and existing communities have concerns about security and grid usage in general. So while the sites have been working on the ground to keep the grid running as smoothly as possible, the Joint Security Policy Group (JSPG) have rewritten and released 5 documents to make the policies governing use as clear as possible.
JSPG is the body which advises both the multi-disciplinary grid Enabling Grids for EsciencE (EGEE) and the worldwide LHC Computing Grid (wLCG) on matters relating to security and occasionally usage. The changing nature of the grid and the communities using it means the team has to constantly refresh all of their guidelines to keep them relevant.
For two of these documents this is the first revision in a few years. The Virtual Organisation Membership Management Policy is a re-examination of a document which was written during the first phase of EGEE. This document re-defines exactly what is required of VO managers and VOs regarding looking after their users and their adherence to the acceptable use policy. This has become a much bigger issue with the growth in grid use.
The Virtual Organisation Registration Security Policy is slightly more wide-ranging. An update of the original from 2004, this document outlines what security issues need to be addressed when creating a new VO and what responsibilities managers and users of new VOs have. As more and more researchers join the grid, these guidelines need to be as unambiguous as possible to prevent any mistakes or problems further down the line.
With a global infrastructure, especially one as well policed as the grid, there will be incidents where users are suspected of stepping outside the boundaries. These incidents have to be dealt with both swiftly and intelligently. The latest Security Incident Response Policy has history going back as far as 2003 when it was simply an agreement on incident response. These newest guidelines make it easy for all parties to understand the process that will be undertaken once a problem is found.
Another issue facing an infrastructure with such disparate types of users is the user interfaces or portals that they use to interact with the grid. There needs to be an agreement on what a portal can expect from the grid but also what the grid expects from a portal. The VO Portal Policy is a relatively new document which was first sketched out in late 2008; now the JSPG have written a definitive guide which should make it easier for new users and communities joining the grid.
The final document is the Grid Policy on the Handling of User-Level Job Accounting Data. It is the latest version of a relatively new document from 2007. Accounting of a job's activity is very important, both in helping users and monitoring and in diagnosing possible problems. The framework laid out in the document helps users and providers know how to handle this data to meet the requirements of data protection laws.
As the grid moves towards a sustainable infrastructure with the European Grid Initiative (EGI), inter-project groups such as the JSPG will become more important. This will guarantee that all users are treated fairly and openly.
The five documents can be found:
Virtual Organisation Membership Management Policy - https://edms.cern.ch/document/428034
Virtual Organisation Registration Security Policy - https://edms.cern.ch/document/573348
Security Incident Response Policy - https://edms.cern.ch/document/428035
VO Portal Policy - https://edms.cern.ch/document/972973
Grid Policy on the Handling of User-Level Job Accounting Data - https://edms.cern.ch/document/855382
© Copyright GridPP
If you wish to reproduce this piece please credit GridPP and contact Neasan O'Neill to say you are using it