r1 - 18 Aug 2006 - 12:09:34 - RobertGardner

1.1   Site identification
      * Site/resource name, e.g. FermiGrid
1.2   Site owner
      * This is a pointer to the OSG site registration document

2.    Terms of Use
2.1   Site expectation of users
      * You cannot process data of types not allowed at FNAL; this includes copyrighted data without documented permission of the copyright holder, classified, HIPAA, or personally identifiable information.
      * You cannot perform activities inconsistent with the site AUP
2.2   User expectations of site
      * Systems are furnished to serve HEP experiments; there can be no reliance that data or computations are private.
      * Site administrators may look at your jobs in arbitrary ways, consistent with local site policy.

3.   Security Requirements
3.1   Accounting Requirements
      * Jobs must be submitted in a manner supporting accounting, e.g. via Condor Grid Monitor
      * Information on which specific user submits the jobs must be maintained by the submitting site in order to support accounting, e.g. user traceability
3.2 Auditing and forensics 
     * Statement on where the auditing information may be published and who may access the audit logs, with a description of the following components:
     - Logging software, collection sub-systems, repository, forensic tools
     * Site Incident reporting contact point
     * Site Incident Response page (if applicable)
3.3 Secure middleware
     * Statement on services which are deployed to find and fix software vulnerabilities to ensure that deployed security software is current and correctly configured.
3.4   Network and Firewall
3.4.1 Ingress, Egress policies
3.4.2 Firewall ports
     * Statement on the high-level approach of the tools and services deployed to dynamically open and close ports needed by applications and middleware, based on authentication and authorization.

4. Identity management
4.1   Allowed VOs
      * Statement of which VOs are allowed (e.g. all OSG)
4.2   Required VO commitment
      * VO promises to implement controls at least as strict as site
      * Site reserves the right to audit compliance
4.3 Privilege management policies (accounts and rules)
     * List supported accounts and roles
     * Statement on which subjects are authoritative for specific resources.
     * Statement on which subjects may never gain access to these resources (blacklisted).
     * Statement on which subjects are allowed to combine delegated privileges (for example, a member of two competing experiments may not be allowed to combine (privileges to) resources from these two experiments).
    * Specific privileges that may never be granted or have to be overruled for a specific resource.

5.    Technical
5.1   Compute Elements (CE)
5.1.1 CE Resource priorities
      * Statement of VO priorities       e.g. CMS, other use opportunistic
5.1.2 CE Resource limitations
      * Statement of processing limits   e.g. wall clock time limits
5.1.3 CE Resource management
      * Corrective actions that may be taken
      * Punitive actions that may be taken

5.2   Storage Elements (SE)
5.2.1 SE Access mechanism
      * SRM, jobmanager fork, etc
5.2.2 SE Storage areas
      * Statement on providing user storage on shared file systems as part of the OSG.
      * Statement on providing the core $APP, $DATA, $TMP and $WN_TMP areas and their sizes as part of the OSG.
      * Redundancy (e.g. RAID, resilient dcache)
5.2.3 SE Storage quotas
5.2.4 SE Retention and Purge policies
5.2.5 SE Resource management
      * Corrective actions that may be taken    e.g. Full file system
      * Punitive actions that may be taken   e.g. Misuse of storage resources

6.    Support
6.1   What user can expect from site
      * Notification of downtimes
      * Job recovery procedures
      * Storage element recovery procedures
        e.g. backup policy, redundancy (e.g. RAID, resilient dcache)

Numbered items are template fields.
Items with a '*' are example contents

-- RobertGardner - 18 Aug 2006
