Difference between revisions of "06.11.2013 Editorial Access/Management/Maintenance of the suspension list content."
Line 52: | Line 52: | ||
* Interface the clients connect to, to pull the suspension list | * Interface the clients connect to, to pull the suspension list | ||
* Development of a recommended Argus server deployment scenario in the NGIs, RCs | * Development of a recommended Argus server deployment scenario in the NGIs, RCs | ||
Revision as of 13:43, 11 June 2013
Attendees
- Romain Wartel (CERN/WLCG)
- David Kelsey (STFC/EGI-CSIRT)
- Leif Nixon (SNIC/EGI-CSIRT)
- David Groep (FOM/EGI_CSIRT)
- Sven Gabriel (FOM/EGI-CSIRT)
Agenda/Minutes
The following topics have been discussed:
1. Service Maintenance/Availability:
=> CERN runs an ARGUS production server used by some EGI grid sites since 3 years
=> CERN provides this Service on best effort basis, support is provided via the CERN-Helpdesk / CERN-Security-Contact / CERN-Security-Experts. Usual reaction time is is less then an hour, though.
2. Who uses the Emergency Suspension Framework? => The Emergency Suspension Information hosted by a service at CERN will be used by the following infrastructures:
- EGI
- WLCG
- OSG
3. Who has write access to the suspension list? => Write access will be strictly limited to a small number of trusted named individuals from the participating infrastructures. By now these individuals would be:
- For EGI-CSIRT: Leif Nixon and Sven Gabriel
- For WLCG: Romain Wartel
4. Communication/who gets notified about possible changes of the suspension list content? => Each participating infrastructure decides how/who to inform their constituency about changes of the content of the emergency suspension list. The guidelines on how the communication is done is subject of the respective Incident-Response-Procedures.
5. Content of the emergency suspension list => The emergency suspension framework only operates on clients and entities, i.e. user or host/service DNs
6. GOC-DBs role in that framework => Services should be registered in GOC that will be allowed to contact the central suspension service for downloading the suspension information. Based on this GOC-DB information ACLs on central instance could be configured. Here a similar mechanism as for the access to APEL should be possible.
7. Next steps/open issues => The following technical issues will be discussed via the Emergency suspension mail list: central-suspension-mp@mailman.egi.eu
- Format of the suspension list
- Interface the clients connect to, to pull the suspension list
- Development of a recommended Argus server deployment scenario in the NGIs, RCs