
Difference between revisions of "VO Policies"


Revision as of 14:51, 20 May 2011

VO Policies

GRID SECURITY POLICY

Every site participating in the Grid autonomously owns and follows their own local security policies with respect to the system administration and networking of all the resources they own, including resources which are part of the Grid. This policy augments local policies by setting out additional Grid-specific requirements.


2.3 Virtual Organisation Management

The responsibilities of the VO management include:

2.3.1 VO Security Policies

VOs are required to abide by the Virtual Organisation Operations Policy [9] and the Virtual Organisation Registration Security Policy [2]. They must have a VO Acceptable Use Policy (AUP) and ensure that only individuals who have agreed to abide by the Grid AUP [1] and the VO AUP are registered as members of the VO.

2.3.2 User Registration and VO Membership Service

The user registration procedure of the VO is required to be consistent with the Virtual Organisation Membership Management Policy [8]. Approval to join the VO must be restricted to individuals who are recognised as having legitimate rights to membership and who agree to be bound by the AUPs. A VO membership service must be provided with appropriate interfaces to generate authentication, authorization and other identity mapping data for the services running on the sites. VOs are required to maintain the accuracy of the information held and published about their members, and to promptly remove individuals who lose their right to such membership.

2.3.3 VO-specific Resources

VOs are responsible for ensuring that their software does not pose security threats, that access to their databases is secure and is sufficiently monitored, that their stored data are compliant with legal requirements, and that VO-specific services are properly monitored and do not compromise sites or resources.

2.3.4 Applying Sanctions to Users

VOs are responsible for promptly investigating reports of users failing to comply with the AUPs and for taking appropriate action to ensure compliance in the future, as defined in section 6.

2.4 Users

All users must be members of one of the registered VOs or application communities. The responsibilities of users include:

2.4.1 Acceptable Use

Users must accept and agree to abide by the Grid Acceptable Use Policy [1] and the VO AUP when they register or renew their registration with a VO.

Users must be aware that their work may utilise shared resources and may therefore affect the work of others. They must show responsibility, consideration and respect towards other users in the demands they place on the Grid.

Users must have a suitable authentication credential issued as approved by the Grid. They must ensure that others cannot use their credentials to masquerade as them or usurp their access rights. Users may be held responsible for all actions taken using their credentials, whether carried out personally or not. No intentional sharing of credentials for Grid purposes is permitted.

Users must be aware that their jobs will often use resources owned by others. They must observe any restrictions on access to resources that they encounter and must not attempt to circumvent such restrictions.

Application software written or selected by users for execution on resources must be directed exclusively to the legitimate purposes of their VO. Such software must respect the autonomy and privacy of the host sites on whose resources it may run.


Other policies related to site management and resource administration are also addressed in the Grid Security Policy Document.

VIRTUAL ORGANISATION OPERATIONS POLICY

1. You shall provide and maintain, in a central repository provided by the Grid, accurate contact information as specified in the VO Registration Policy. These contacts satisfy the communication requirements for management decisions, security actions and operational issues relating to VO membership and Grid usage, as well as your software and services. The contacts shall respond to enquiries in a timely fashion as defined in the Grid operational procedures giving priority to security problems.

2. You shall comply with the Grid security policies, the VO AUP and any archival, accounting and logging requirements. You shall periodically assess, at least once per year, your compliance with these policies and inform the Grid Security Officer of any violations encountered in the assessment, and correct such violations forthwith.

3. You shall ensure that a VO membership service is provided in compliance with the VO Membership Management Policy. This shall include the appropriate interfaces and configuration details to allow the generation of authentication, authorization and other identity mapping data for the services running on the Sites. You shall take reasonable measures to ensure that the information recorded in the membership service is correct and up-to-date.

4. You are responsible for ensuring that your software does not pose security threats, that access to your databases is secure and is sufficiently monitored, that your stored data are compliant with legal requirements, and that your VO services, including pilot job frameworks, are operated according to the applicable policy documents.

5. You shall ensure that logged, archived and membership information is only used for administrative, operational, accounting, monitoring and security purposes. You shall ensure that due diligence is applied in maintaining the confidentiality of such information.

6. You recognize that the Grid and the Sites may control your access to their resources for administrative, operational and security purposes.

7. You shall ensure that any software used by you at a Site for its intended purposes, complies with applicable license conditions and you shall hold such Site free and harmless from any liability with respect thereto.

8. Any software provided by the Grid is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any service operated by the Grid is correct or sufficient for any particular purpose. The Grid, the Sites and other VOs are not liable for any loss or damage in connection with your participation in the Grid.

9. You shall comply with the Grid incident response procedures and respond promptly to requests from Grid Security Operations. You shall inform users in cases where their access rights have changed.

10. Disputes resulting from your participation in the Grid shall be resolved according to the Grid escalation procedures.

