The purpose of the Security activity is to propose, implement and monitor the project's security architecture. The EGEE Security team defines a security framework and architecture as well as a set of high-level policies that act as guidance for the other activities.
The active partners in the Security activity are distributed over the EGEE project, and coordinated through the Security Coordination Group, led by the EGEE Security Head. With other activities, the members of the Security Coordination Group are active in cross-project collaboration, aiming at a shared security infrastructure within Europe and the rest of the world. The security groups and their roles are described below.
The Security Coordination Group (SCG) is responsible for ensuring overall EGEE security coordination. This includes architecture, deployment, standardisation and cross-project concertation. The goal is to ensure that the various security-related work items inside the project do not adversely overlap (leading to duplication of effort) or leave gaps that could be exploited. In addition, the SCG is to coordinate a new security auditing activity. This activity will monitor both operations and middleware for security issues and report periodically on the status and progress of the issues identified. The security audit will leverage the work of the Grid vulnerability issues group.
The Operational Security Coordination Team (OSCT) provides an operational response to security threats against the EGEE infrastructure. It focuses mainly on computer security incident handling, by providing reporting channels, pan-regional coordination and support. It also deals with security monitoring on the Grid and provides best practices and advice to Grid system administrators.
The OSCT is led by the EGEE/LCG Security Officer and includes Security contacts from each EGEE region, who provide support for daily security operations as part of an on-duty rota.
The OSCT can be contacted via project-egee-security-support(at)cern.ch
The Middleware Security Group (MWSG) is the meeting place for security architects and knowledgeable security individuals from EGEE, OSG, OMII-Europe and other Grid projects. The MWSG has four two-day meetings per year, and meets at larger Grid conferences. The MWSG was initiated and is led by EGEE and OSG.
The LCG Security Group was formed in 2003 and mandated to advise and make recommendations to the LCG Grid Deployment Manager and the LCG Grid Deployment Board (GDB) on matters related to LCG Security. With the start of EGEE in April 2004, it was agreed that the remit of this group would expand to meet the needs of both EGEE and LCG. From the early days, there has been strong participation by Open Science Grid (OSG) in the USA with the aim of defining common policies across EGEE, OSG and LCG. Other Grid infrastructures have more recently joined the group, including DEISA, SEE-Grid and NDGF. The word "Joint" describes the fact that this body defines and maintains policy for several Grids.
This is the cluster where gLite security services and components are re-engineered and developed.
The purpose of this group is to find and eliminate any Grid security vulnerabilities in the Grid middleware and its deployment, and prevent any new Grid Security Vulnerabilities from being introduced. The aim is "to incrementally make the Grid more secure and thus provide better availability and sustainability of the deployed infrastructure". In this way, Grid Security should improve with time.
The largest part of this activity, to date, is to handle specific Grid Security Vulnerability issues, which may be reported by anyone such as users, developers or system administrators. The GSVG investigates issues, carries out a risk assessment and sets a target date for resolution according to risk.
The EUGridPMA is the international organisation that coordinates the trust fabric for e-Science grid authentication in Europe. It collaborates with the regional peers APGridPMA for the Asia-Pacific and The Americas Grid PMA in the International Grid Trust Federation. The charter document defines the group's objectives, scope and operation. It is the basis for the guidelines documents on the accreditation procedure, the authentication profile for X.509 secured "classic" certification authorities and other IGTF recognised Profiles.