Difference between revisions of "06.11.2013 Editorial Access/Management/Maintenance of the suspension list content."
Line 8: | Line 8: | ||
= Agenda/Minutes = | = Agenda/Minutes = | ||
The following topics have been discussed: | The following topics have been discussed: | ||
* Service Maintenance/Availability: | * Service Maintenance/Availability: | ||
=> CERN runs an ARGUS production server used by some EGI grid sites since 3 years | => CERN runs an ARGUS production server used by some EGI grid sites since 3 years | ||
Line 30: | Line 32: | ||
* Communication/who gets notified about possible changes of the suspension list content? | * Communication/who gets notified about possible changes of the suspension list content? | ||
=> Each participating infrastructure decides how/who to inform their constituency about changes of the content of the emergency suspension list. The guidelines on how the communication is done is subject of the respective Incident-Response-Procedures. | |||
---- | |||
* Content of the emergency suspension list | |||
=> The emergency suspension framework only operates on clients and entities, i.e. user or host/service DNs | |||
---- | |||
* GOC-DBs role in that framework | |||
=> Services should be registered in GOC that will be allowed to contact the central suspension service for downloading the suspension information. Based on this GOC-DB information ACLs on central instance could be configured. | |||
Here a similar mechanism as for the access to APEL should be possible. | |||
---- | |||
* Next steps/open issues | |||
=> The following technical issues will be discussed via the Emergency suspension mail list: central-suspension-mp@mailman.egi.eu | |||
* Format of the suspension list | |||
* Interface the clients connect to, to pull the suspension list | |||
* Development of a recommended Argus server deployment scenario in the NGIs, RCs | |||
= Minutes = | = Minutes = |
Revision as of 13:42, 11 June 2013
Attendees
- Romain Wartel (CERN/WLCG)
- David Kelsey (STFC/EGI-CSIRT)
- Leif Nixon (SNIC/EGI-CSIRT)
- David Groep (FOM/EGI_CSIRT)
- Sven Gabriel (FOM/EGI-CSIRT)
Agenda/Minutes
The following topics have been discussed:
- Service Maintenance/Availability:
=> CERN runs an ARGUS production server used by some EGI grid sites since 3 years => CERN provides this Service on best effort basis, support is provided via the CERN-Helpdesk / CERN-Security-Contact / CERN-Security-Experts. Usual reaction time is is less then an hour, though.
- Who uses the Emergency Suspension Framework?
=> The Emergency Suspension Information hosted by a service at CERN will be used by the following infrastructures:
- EGI
- WLCG
- OSG
- Who has write access to the suspension list?
=> Write access will be strictly limited to a small number of trusted named individuals from the participating infrastructures. By now these individuals would be:
- For EGI-CSIRT: Leif Nixon and Sven Gabriel
- For WLCG: Romain Wartel
- Communication/who gets notified about possible changes of the suspension list content?
=> Each participating infrastructure decides how/who to inform their constituency about changes of the content of the emergency suspension list. The guidelines on how the communication is done is subject of the respective Incident-Response-Procedures.
- Content of the emergency suspension list
=> The emergency suspension framework only operates on clients and entities, i.e. user or host/service DNs
- GOC-DBs role in that framework
=> Services should be registered in GOC that will be allowed to contact the central suspension service for downloading the suspension information. Based on this GOC-DB information ACLs on central instance could be configured. Here a similar mechanism as for the access to APEL should be possible.
- Next steps/open issues
=> The following technical issues will be discussed via the Emergency suspension mail list: central-suspension-mp@mailman.egi.eu
- Format of the suspension list
- Interface the clients connect to, to pull the suspension list
- Development of a recommended Argus server deployment scenario in the NGIs, RCs
Minutes
The Emergency Suspension Information hosted by a service at CERN will be used by the following infrastructures:
- EGI
- WLCG
- OSG