1 of 18

Policy Development Kit

Hannah Short (CERN)
WISE and SIG-ISM, Virtual 2021

2 of 18

Today

  • Intro to the Policy Development Kit
  • Evolution
  • Feedback & Questions
  • Working Session

3 of 18

Introduction

4 of 18

Policy Development Kit - Background

  • In 2017 the AARC project highlighted policy training as a priority, and the AARC2 project was tasked with providing it!
    • Interest from additional groups e.g. WISE, EUGridPMA
    • SCI refers to the need for multiple policies but no concrete examples provided
    • Research Communities were asking for help getting started with policies and related documents (this has continued...)
  • Since then
    • Published PDK https://aarc-community.org
    • Agreed to be maintained by WISE
    • Practical experience gathered

5 of 18

Policy Development Kit - Process

  • Majority of structuring and editing by AARC participants
  • Input from wider community through WISE and IGTF
  • Members of EOSC-Hub policy task were “volunteered” to review individual policy templates

6 of 18

Policy Development Kit - Considerations

Policy pack must be:

  • Modular
  • Coherent
  • Widely applicable
  • Modifiable
  • Simple

Implications:

  • Cannot assume that an infrastructure will have certain bodies, e.g. a CERT
  • Terms must be defined as jargon varies, e.g. PI (Principal Investigator) vs VO (Virtual Organisation) Manager

7 of 18

Policy Development Kit - Content

  • Which policies? Work backwards from SCI
    • Top level policy
      • Operational Security
      • Membership Management
      • Data Protection

  • Sources of inspiration?
    • EGI
    • CTSC
    • ELIXIR
    • ...

8 of 18

Policy Development Kit - Content

The policies presented are relevant for an Infrastructure operating a Service Provider Proxy that represents the bound set of services in an identity federation. The policies are to be adopted by the Infrastructure itself and, where appropriate, additional policies are suggested for Infrastructure participants such as Services, User Community Management or Users. The Infrastructure may be for the sole use of a single Research Community, or may provide computing services to multiple Research Communities; the policies presented are designed to be flexible.

Actually, the policies can be applied much more broadly as we will see...

9 of 18

Policy Development Kit - Content

10 of 18

Policy Development Kit - Content

11 of 18

Policy Development Kit - Use

  • Training course on the GEANT e-Academy
  • Templates available directly from the AARC Website

12 of 18

Evolution

13 of 18

Evolution

| Infrastructure | Changes | Comment | Link |
|---|---|---|---|
| HIFIS (previously HDF) | | Initial users (and one of main contributors) | |
| ELIXIR | Added Terms of Use | Focused on the AAI only rather than the entire Infra. Dropped Top Level | |
| IRIS | Significantly modified Top Level policy and Service Operations Security Policy | Emphasis on standalone, short policies | |
| EOSC | Built from IRIS’s Service Operations Security Policy | Much more loosely coupled infrastructure than anticipated by PDK | |

14 of 18

Comparison table

15 of 18

Current work

  • WISE SCI working group has restarted
  • Meeting roughly every 2 weeks
  • Partially triggered by CS3MESH who would like help before Christmas (thanks for being here!)
  • Focusing on Service Operations Security Policy
    • Lots of interest in Infrastructures having clear policies about what is required for participating services
  • https://wise-community.org/policy-development-kit/

16 of 18

Questions & Feedback

17 of 18

Working Session

18 of 18

Today, focus on the Secure Service Operations Policy
