open science grid & its security technical group

Open Science Grid & its Security Technical Group ESCC 22 Jul 2004 Bob Cowles [email protected]

Post on 15-Jan-2016

TRANSCRIPT

Page 1: Open Science Grid & its Security Technical Group

Open Science Grid & its Security Technical Group

ESCC 22 Jul 2004

Bob Cowles [email protected]

Page 2: Open Science Grid & its Security Technical Group

22 Jul 2004 ESCC - OSG & SecWG 2

Open Science Grid

Open Science Grid is a consortium (not a project) in the US for ensuring our Grid efforts, including and in particular the LHC ones, come together towards a coherent and sustained Grid infrastructure that will:

- Include the US contribution to LCG
- Be open from the start to other experiments and other sciences
- Work and interoperate with the Grid infrastructure provided through EGEE
- Evolve Grid3 to Open Science Grid for Production

Inclusive Partnerships with Computer Science, Information Technology, Other Sciences, Grid Projects etc…

Page 3: Open Science Grid & its Security Technical Group

Towards a coherent sustained production Grid infrastructure

- A 5-10 year roadmap to match life-cycle of Particle Physics Experiments committed to Grids for Data Analysis.
- Start from the needs of our experiments today
- End-to-end approach delivering to requirements and schedule of participating application communities.
- A framework for a coherent system approach through joint projects across the members.
- Cooperation across DOE & NSF, Universities and Laboratories, Projects, Middleware and Technology Groups, Experiments and Application Communities, Education and Workforce Development

Page 4: Open Science Grid & its Security Technical Group

EGEE-OSG Partnership

L. Bauerdick, L. Robertson

Page 5: Open Science Grid & its Security Technical Group

BaBar, Run II SAMGrid, US Testbeds, Grid3, …an evolution

- BaBar data distribution with GridFTP & SRB
- CDF and D0 >1.5 Petabytes in mass storage at Fermilab. SAMGrid data grid developed for distributed data simulation data analysis over >25 sites.
- LIGO DataGrid for a coherent and uniform LIGO data analysis environment
- Joint US-LHC, LIGO, SDSS and Computer Science Laboratory Grid3. In use for US ATLAS DC2. US CMS gained 50% in overall throughput for 17 million event simulations. SDSS southern “coadd of objects” in progress. ANL GADU biology users. Computer science application demonstrators.

D0 files transferred

Page 6: Open Science Grid & its Security Technical Group

Consortium Architecture

OSG Process Framework

[Diagram; labels: Enterprise; Technical Groups; 0…n (small); Consortium Board (1); Research Grid Projects; VO Org; Researchers; Sites; Service Providers; Campus, Labs; activity (repeated); 0…N (large); Joint committees (0…N small). Participants provide: resources, management, project steering groups.]

Page 7: Open Science Grid & its Security Technical Group

Open Science Grid-0

- First Iteration of Production Infrastructure.
- Goal to Launch in Feb ‘05. Aligned with PPDG Laboratory Grid milestone
- Will evolve from Grid3.
- Blueprint giving guiding Principles and Technology Roadmap feeding into OSG-0 plans.
- Most significant evolution from Grid3 is addition of Storage Services - Persistent at DOE Laboratories - Durable & Transient in many places - to common infrastructure.

Page 8: Open Science Grid & its Security Technical Group

Security Technical Group

- Started from an Evolution of PPDG SiteAA group
- Reports to the OSG Collaboration Board - a broad mail list [email protected]
- Sponsoring Incident Response Activity
- Extended membership with participants from Universities, TeraGrid and Earth System Grid: Bob Cowles (SLAC), Dane Skow (Fermilab), Mike Helm (ESNET), Doug Pearson (Indiana, iVDGL/iGOC), Von Welch (NCSA), Remy Evard (ANL), Tom Throwe (BNL), Doug Olson (LBNL), Veronika Nefedova (ESG)

Page 9: Open Science Grid & its Security Technical Group

Security Technical Group - Mission

The Security Technical group is responsible for coordinating the OSG activities that relate to security policy, practices and services. These include:

- Negotiation of common security principles and expectations for security across the Consortium.
- Development and oversight of common requirements and architecture for security management across the Consortium.
- Identification of necessary projects and work needed for a coherent, complete Security infrastructure on the common grid.
- Interoperability of Security infrastructure across different administrative domains, initially OSG and EGEE through the LCG Joint Security Group.
- Publish information about security

Scope explicitly includes cooperation with the EGEE/LCG peer groups.

Page 10: Open Science Grid & its Security Technical Group

Issues on the Table to Date

- “Top ten” list ++
- How to organize ourselves
  - acting as both Joint Security Group + JRA3 + MWSG
  - how to have an impact
  - first priorities
- How to collaborate effectively with
  - Joint Security Group
  - JRA3

Page 11: Open Science Grid & its Security Technical Group

General tasks

- Security deliverables
  - Authorization
  - One time password cross-site implementation
- Coordination across PPDG Projects, Experiments, Sites with other grid projects, e.g. EGEE, ?
- Operational Policies
  - Guides and Procedures for Sites including incident response and contact lists

Page 12: Open Science Grid & its Security Technical Group

Coordination

- Developer’s Guide
- Installation & Configuration Guide

Page 13: Open Science Grid & its Security Technical Group

Operational Policies

- Cross-site federated authentication
- Incident warning
  - Credential compromise
  - Machine / service compromise
  - Cross-grid reporting and warning
- Incident Response
  - Action or information clearinghouse?
  - Higher-level reporting responsibilities?

Page 14: Open Science Grid & its Security Technical Group

Deliverables

- Authorization
  - SAzP (Simple AuthZ Protocol) definition and document guide for application development
- Cross-site OTP
  - Generalize to federated authentication?
    - OTP
    - Kerberos
    - X.509 certificates
  - Policies & procedures for sites to follow
  - Actual implementation