OSG Security Policies and Procedures

About this document

This document centralizes security policies important within the OSG and related organizations.

OSG Security Policies

OSG security policies should address topics of importance to OSG stakeholders. The policies should be succinct and few.

OSG security policies are developed by the OSG security team, when appropriate in conjunction with Joint Security Policy Group (JSPG) (see below). The security team develops implementation and assessment procedures concurrently with the policies. Draft policies are approved by the OSG Executive Board and then officially endorsed by the OSG Council according to the OSG Statement on Agreements and Policies.

See PoliciesProceduresInProgress? for a list of security policies and procedures under development.

Approved Security Policies

The following policies are approved and in effect in OSG:

  • Grid Acceptable Use: OSG Doc 86
    • Status: v2.0 approved by OSG EB on Feb-9-2006 and endorsed by OSG Council.
    • JSPG Doc v3.1 approved by WLCG MB on 28-Nov-2005.
    • Note: The OSG and JSPG policies are identical.
  • Service Agreement: OSG Doc 87
    • Status: v1.0.4 approved by OSG EB Mar-15-2005 and endorsed by the OSG Council.
  • Privacy: OSG Doc 741
    • Status: v3.8 approved by OSG Executive Director on Dec-16-2008.
  • Certificate Authorities: OSG Doc 752
    • Status: v1.0 approved by OSG Facilities Aug-09-2007. v2.2 approved by OSG Executive Director on Dec-16-2008.
    • JSPG Doc v2.5 approved by WLCG and EGEE. v2.8 approved by WLCG MB and EGEE TMB Aug 2008.
    • Note: v1.0 of the OSG policy adds operational details to the JSPG policy.
  • DOEGrids Certificate Policy and Certification Practice Statement
    • Status: Approved by the EUGridPMA and managed by the DOE Grids PMA.
    • Note: This policy applies to the OSG Registration Authority, its Agents, and OSG members in the role of Subscribers and Relying Parties.
  • Site/VO Removal
    • Status: Approved by OSG Executive Director on Jul-15-2009.
  • LongLivedCerts? - Statement on proxies with long lifetimes.

Security Procedures

OSG has the following documented security procedures:

References and Related Information

JSPG

OSG participates in the Joint Security Policy Group (JSPG), which aims to generate common security policies across WLCG, EGI and other grids such as OSG. The JSPG policies are often defined at a higher level and state common requirements across grids. A JSPG policy is designed to be accompanied by a grid-specific document where the grid defines its own specifics to a JSPG policy. JSPG submits documents to the WLCG MB and EGI TMB for approval. OSG adopts JSPG policies independently and is not required to adopt all JSPG policies. The top level JSPG Grid Security Policy specifies the overall framework that the other JSPG policies fit into. The list of working documents of the JSPG is at http://www.jspg.org/wiki/JSPG_Docs.

IPG

OSG participates in the Infrastructure Policy Group (IPG), a forum for the discussion of principles and practices for policies of distributed infrastructures.

WLCG

OSG participants who participate in WLCG are also subject to WLCG/EGEE Security Policies.

Comments

Topic revision: r65 - 06 Dec 2016 - 21:57:24 - DaveDykstra
Hello, TWikiGuest!
Register

 
TWIKI.NET

TWiki | Report Bugs | Privacy Policy

This site is powered by the TWiki collaboration platformCopyright by the contributing authors. All material on this collaboration platform is the property of the contributing authors..