activities this trimester
Sponsored by the National Science Foundation 1INSERT PROJECT REVIEW DATE
Activities this trimester
• 0.5 revision of Operational Security Plan
• Independently (from GPO) developing a clearinghouse concept
• Merging terminology and ideas with Aaron’s very similar formulation of a CH
• Drafting initial clearinghouse policy/plans/agreement
Operational Security Plan
• The goals (for inter-aggregate issues)
– (1) recommend structure of an incident response team,
– (2) set forth the basic processes for incident response,
– (3) recommend actions to mitigate perceived risks.
• Document is a bit ahead of its time
– Needs funds to implement & governance to direct its execution
• Prioritization of threat mitigations in the final section is relevant now, though.
– Could guide funding of future projects & feedback is desired
Clearinghouse agreement or policy?
• Less of an agreement between parties, more of a policy or directive for how CH will be operated
• Depends heavily upon concept of clearinghouse and federation as proposed here by GPO
• Just as the CH is a trusted root, this document is meant to be root for other policies or agreements
– So Aggregate Provider Agreement is between AAs and clearinghouse (similarly for IdP agreements)
– This creates a bridge between AAs, IdPs and users when there is a common set of policies and agreements associated with a common CH
Clearinghouse policy format
• Definition of clearinghouse
– Terms a little out of date with Aaron’s
• Description of federation actors and needed agreements
– Both existing and needed future agreements
• Definition of services provided by CH and QoS
• Policies for clearinghouse ops.
Needed GENI agreements/policies/plans
• ✔ Aggregate Provider Agreement
– Needs terminology update, but pretty much done.
• ✗ Identity Provider Agreements
– Will need with InCommon, PL, Emulab, etc.
• ✗ Slice Registry Agreements
– Might be rolled into IdP agreements?
• ✗ Project Leader Agreement
• ✗ Federation Charter
– Describes the governance structure of GENI and references all the federation agreements/policies
Needed GENI agreements/policies/plans
• ✗ Acceptable Use Policy
– Base off of RUP, include opt-in user treatment
• ✓ Legal, Law Enforcement & Regulatory Plan
– Needs a little updating of terminology
• Clearinghouse Policy
– Several questions still to answer, some must wait till implementation details emerge
• Incident Response Plan
– Next evolution of the operational security plan.
– Loosely based off Open Science Grid
• ✗ Certificate Authority Operational Policy
– For any service issuing credentials
Clearinghouse services
• Project registration/creation
• Principal registration and revocation
• Slice creation, registration & revocation
• Resource discovery
• Federation resource policy verification
– E.g., does a grad student have more resources than some set limit?
– Remember, aggregates still make the decision to grant resource requests, but some may only take requests proxied through the clearinghouse which verifies policy
Clearinghouse policies covered
• Governance, from where does clearinghouse receive its directives and mission
• Responsibilities CH has to GENI community
• Conflict Resolution Process
– E.g., an aggregate or other actor complains that another aggregate has violated the agreement
• Privacy policy for all info collected by CH
• User attributes collected from IdPs
• Data collected from aggregates
– Need to know what allocations were actually granted
• Certificate Authority policies
CH Policy feedback needed
• What resource allocation policies might we have?
– Determines which attributes must be collected
• If a slice was created elsewhere and registered at the clearinghouse, who can determine who has been given rights to act on a slice?
– Will the architecture allow us to determine anything other than the slice owner and project leader?
• Do the definitions of 3 project sizes make sense?
– What about the turnaround time for creating projects?
– Do we need a committee to vet large projects?
• And just general feedback please