VO Policies

• GRID SECURITY POLICY

Every site participating in the Grid autonomously owns and follows their own local security policies with respect to the system administration and networking of all the resources they own, including resources which are part of the Grid. This policy augments local policies by setting out additional Grid-specific requirements.

2.3 Virtual Organisation Management The responsibilities of the VO management include: 2.3.1 VO Security Policies VOs are required to abide by the Virtual Organisation Operations Policy [9] and the Virtual Organisation Registration Security Policy [2]. They must have a VO Acceptable Use Policy (AUP) and ensure that only individuals who have agreed to abide by the Grid AUP [1] and the VO AUP are registered as members of the VO. 2.3.2 User Registration and VO Membership Service The user registration procedure of the VO is required to be consistent with the Virtual Organisation Membership Management Policy [8]. Approval to join the VO must be restricted to individuals who are recognised as having legitimate rights to membership and who agree to be bound by the AUPs. A VO membership service must be provided with appropriate interfaces to generate authentication, authorization and other identity mapping data for the services running on the sites. VOs are required to maintain the accuracy of the information held and published about their members, and to promptly remove individuals who lose their right to such membership. 2.3.3 VO‐specific Resources VOs are responsible for ensuring that their software does not pose security threats, that access to their databases is secure and is sufficiently monitored, that their stored data are compliant with legal requirements, and that VO-specific services are properly monitored and do not compromise sites or resources. 2.3.4 Applying Sanctions to Users VOs are responsible for promptly investigating reports of users failing to comply with the AUPs and for taking appropriate action to ensure compliance in the future, as defined in section 6. 2.4 Users All users must be members of one of the registered VOs or application communities. The responsibilities of users include: 2010 © EGI.eu 8 / 11 2.4.1 Acceptable Use Users must accept and agree to abide by the Grid Acceptable Use Policy [1] and the VO AUP when they register or renew their registration with a VO. Users must be aware that their work may utilise shared resources and may therefore affect the work of others. They must show responsibility, consideration and respect towards other users in the demands they place on the Grid. Users must have a suitable authentication credential issued as approved by the Grid. They must ensure that others cannot use their credentials to masquerade as them or usurp their access rights. Users may be held responsible for all actions taken using their credentials, whether carried out personally or not. No intentional sharing of credentials for Grid purposes is permitted. Users must be aware that their jobs will often use resources owned by others. They must observe any restrictions on access to resources that they encounter and must not attempt to circumvent such restrictions. Application software written or selected by users for execution on resources must be directed exclusively to the legitimate purposes of their VO. Such software must respect the autonomy and privacy of the host sites on whose resources it may run.

Other policies related to site management and resource administration are also addressed in the Grid Security Policy Document

Documentation

• EGI Policies and Procedures wiki page