This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/wiki/do/viewPage/projects.ipg/wiki/SecurityPolicy at Thu, 03 Nov 2022 15:23:27 GMT SourceForge : View Wiki Page: SecurityPolicy

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin
Search Wiki Pages Project: IPG     Wiki > SecurityPolicy > View Wiki Page
wiki2170: SecurityPolicy

Security Policy

Authentication

SubjectDEISATeraGridEGEEOSGNaregiWestGrid Comments
X.509 PKI YYYY?Y
Use IGTF accredited CAsYNYY?YTeraGrid defines its own list of CAs (some are IGTF accredited)
CA removal policyN/AN/AYY?N OSG (will) have policy for CA removal.
Currently EGEE expects all resource providers to deploy all approved IGTF CAs. Any exceptions must be reported to the Grid Security Officer
WestGrid has not needed it yet
Support for other authentication methodsYYYY?YEGEE/OSG accept Shibboleth-based CAs from IGTF.
TeraGrid supports password-based authentication and is part of the InCommon Federation for Shibboleth authentication for their User Portal.
DEISA supports password based AuthN.
WestGrid - password based

Authorisation

SubjectDEISATeraGridEGEEOSGNaregiWestGrid Comments
Use VOMSNNYY?YEGEE/OSG also working on VO registration and VO membership management policies
WestGrid supports VOMS only on systems that are part of the LCG.
Map X.509 DN to local database (e.g. LDAP)YYYY?YDEISA have additional user attributes in their LDAP database
Where is user registration SiteSiteVOVO?CC“Project PI” has similar role to “VO Manager”
Compute Canada (CC) central portal; security credentials created on WG portal

Accounting

SubjectDEISATeraGridEGEEOSGNaregiWestGrid Comments
Standards-based accountingYYYY?YAccounting essential everywhere
Sharing accounting data between GridsNN?YY?NOSG and EGEE sharing accounting data for WLCG VOs
WestGrid except there are a few exceptions: LCG gets data from our systems, but that is our grid. WestGrid shares account data with Compute Canada (CC); but that is not a "grid"
Accounting data privacy policyY at Site levelY at Site levelDraftY?YJSPG working on Accounting Data policy - http://www.jspg.org/wiki/Grid_Policy_on_the_Handling_of_User-Level_Job_Accounting_Data
WestGrid's privacy policy is not well documented.

Auditing

SubjectDEISATeraGridEGEEOSGNaregiWestGrid Comments
Common auditing policyNNNN?N
Shared common security incident response YYY?YOSG/EGEE share a common Incident Response policy.
OSG/TG coordinate incident response via cross-subscriptions on email lists.
Policy on Traceability and Logging Y ?N
 




The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/wiki/do/viewPage/projects.ipg/wiki/SecurityPolicy at Thu, 03 Nov 2022 15:23:30 GMT