Placeholder for the Security Architecture Document.
| Section Heading | Source/Responsible | Contacted | Submitted | Completed |
|---|---|---|---|---|
| 2.1 Definition of Security Architecture | Mostly from EGEE MJRA1.4. I need input from all on this! | | | |
| 2.2 Trust, Authentication and Authorization: A Terminology (Definitions of the most important concepts) | Mostly from EGEE MJRA1.4. John. | | | |
| 2.3 Virtual Organization, Sites and Common Grid Services (Definitions, brief description of the major grid services and how security applies to them) | Directly from EGEE MJRA1.4. John. Will need checking by UNICORE and ARC. (Bernd, Weizhong) | | | |
| 3 Authentication | Directly from EGEE MJRA1.4. John. Input from David G. | | | |
| 3.1 Identity Credential Formats | Directly from MJRA1.4. John. Input from Bernd for UNICORE | | | |
| 3.2 Bootstrapping Authentication | Directly from EGEE MJRA1.4. John. | | | |
| 3.3 Enforcing Validity Constraints | Directly from EGEE MJRA1.4. John. Need input from Bernd, Weizhong. | | | |
| 3.4 EMI Common Authentication Libraries | New text from CANl PT. Zdenek | | | |
| 3.4.1 C CANl | New text from CANl | | | |
| 3.4.2 C++ CANl | New text from CANl | | | |
| 3.4.3 Java CANl | New text from CANl | | | |
| 3.5 Revocation | Directly from EGEE MJRA1.4 (updating by Oscar). | | | |
| 3.6 Certificate Renewal | Directly from EGEE MJRA1.4. John. | | | |
| 3.7 Delegation | Text from EGEE MJRA1.4 updated by Paul Millar. Input from NIKHEF | | | |
| 3.8 Renewal of Proxy Certificates. | Text needs updating by Daniel K. | | | |
| 3.9 Anonymity, Privacy, Pseudonymity | Text from EGEE MJRA1.4 to be updated by Henri M. | | | |
| 4 Federated Identities | Henri to check. | | | |
| 4.1 STS | New text from Henri | | | |
| 5 Authorization | | | | |
| 5.1 Introduction | From MJRA1.4. John | | | |
| 5.2 VOMS and UVOS | Andrea for VOMS. Bernd for UVOS. | | | |
| 5.2.1 UVOS | Krzysztof for UVOS. | | | |
| 5.2.2 VOMS | Andrea for VOMS. | | | |
| 5.3 Policy definition and management | New text on XACML and SAML profiles. Updated by Simon. | | | |
| 5.4 Argus AuthZ service | Text from MJRA1.4. Updated by Simon. | | | |
| 5.5 Identity Switching on the Worker Nodes | Text from MJRA1.4. Needs updating by Oscar/Mischa. | | | |
| 6 Data Management | | | | |
| 6.1 Unencrypted Data Storage. | From MJRA1.4. John | | | |
| 6.1.1 DPM/LFC | Directly from MJRA1.4 | | | |
| 6.1.2 dCache. | Asked Patrick for some text. | | | |
| 6.1.3 StoRM | Asked for some text. | | | |
| 6.1.4 FTS | Directly from MJRA1.4 | | | |
| 6.2 Encrypted Data Storage. | This is the Hydra section. John. | | | |
| 7 Logging, Tracing and Auditing | Updating of text from Mischa/Oscar/David G. | | | |
| 8 Security Management and Threats Handling | New text from Mischa/Oscar/David G. | | | |
| 8.1 Software Security Management | New text from Mischa/Oscar/David G. | | | |
| 8.2 Bug fixing, Emergency Releases, etc. | Text added. Needs work later. | | | |
| 8.3 Grid Services Security Assessment. | Elisa Heyman | | | |
| 9 International Collaborations | | | | |
| 9.1 OGF, IGTF, IGE | Need to ask this from Morris | | | |
| 10 Assessment, Strengths, ideas for improvement | This comes from everyone. Free form... | | | |