Differences between revisions 60 and 61
Revision 60 as of 2006-04-11 09:20:27
Size: 41313
Editor: AlunEdwards
Comment:
Revision 61 as of 2006-04-26 13:37:47
Size: 22461
Editor: AlunEdwards
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
== Citations for all the articles used: == xxxx Note for Mark and Alun <:(
 * This page needs a final proof-read = MN?.
 * The references should be re-ordered in their sections so that the top priority refs are listed at the top of each section, AE and MN to identify the priority ones.
 * First attempt at grouping the references by subject, MN to suggest further sub-division by subject and/or better subjects!
 * Also still needs some URLs to be found by AE
 * Also need to add references for Usability conference, and University of Oxford ICT Strategy presentations and many many more = AE and MN.
 * AE will attend to this after Evaluation pages are signed off.
 * '''ONLY one action for Mark''' included for the final report – e.g. recording where n. '''MUST''' be in the report etc.
Line 3: Line 10:
=== Note ===
 * See raw text to see how to add an anchor type this [[Anchor(name_of_anchor)]]
Line 6: Line 11:
 * See raw text to see how to link to an anchor at the text type this [:name_of_wiki_page#name_of_anchor:text_of_link] = Citations for all the articles used: =
Line 8: Line 13:
 * Sorry this contains lots of blank links because of text involving 2 or more capital letters together!
----
'''''Please add new items to the top of the list:'''''
Line 13: Line 15:
 1. [[Anchor(OnlineFroissart)]] '''Froissart Project'''. http://www.shef.ac.uk/french/research/froissart/besancon.htm == Security – grid use-cases ==
 * [[Anchor(gridshibusecases)]] '''Grid/Shibboleth Use Cases'''!GridShib Project (Von Welch). May 2 2005 http://grid.ncsa.uiuc.edu/GridShib/
  * For project notes about this see UsecasesGridshibboleth
Line 15: Line 19:
 1. [[Anchor(DunnAndAinsworth)]]'''The Medieval Book: Online Froissart Project: HEIF KNOWLEDGE EXCHANGE AWARD Report of activities, Aug-Sept 2004 (Project Title : "Virtual Vellum : digital tools for the medieval manuscript, Research & Development and Public Dissemination")'''. Dunn, Colin and Ainsworth, Professor Peter (University of Sheffield). http://cbers.shef.ac.uk/downloads/onlinefroissart.pdf  * [[Anchor(NagaratnamSOGS)]]'''The Security for Open Grid Services''' July 17 2002, Version 1. Nataraj Nagaratnam (IBM Corporation), Phillipe Janson (IBM Corporation), John Dayka (IBM Corporation), Anthony Nadalin (IBM Corporation), Frank Siebenlist (Argonne National Laboratory), Von Welch (University of Chicago), Ian Foster (Arg onne National Laboratory and University of Chicago), Steve Tuecke (Argonne National Laboratory)
Line 17: Line 21:
 1. [[Anchor(AccessGrid)]] '''The Access Grid Project''' http://www.accessgrid.org/  * [[Anchor(FosterOGSAUC)]]'''Open Grid Services Architecture Use Cases GFD-I.029'''. Editors: Ian Foster Argonne and University of Chicago), D. Gannon (Indiana University), H. Kishimoto (Fujitsu), Jeffrin J. Von Reich (Hewlett Packard), October 28 2004. http://www.gridforum.org/documents/GWD-I-E/GFD-I.029v2.pdf
{{{
xxxx action for final report then please delete this note:: this has the 2 routes, “must use in report”. Large document with lots of use cases. Use this to bolster our set of use cases. ''N.B. Google for this as there may be different versions of this around the place.''
}}}
Line 19: Line 26:
 1. [[Anchor(GrenhalghEquip)]]'''Equip: An Extensible Platform For Distributed Collaboration'''. Greenhalgh, Chris. Proceedings from Workshop on Advanced Collaborative Technologies (WACE) 2002, Edinburgh XXXX find url
 
 1. [[Anchor(jiscwebsecurity)]] '''Web Security.''' Andrew Cormack, University of Wales, Cardiff. Report: 006 to JISC, January 1997 http://www.jisc.ac.uk/index.cfm?name=acn_websecurity and http://www.jisc.ac.uk/uploaded_documents/jtap-006.doc
  * Alun:: Find abuse cases, for use-cases! 		 * [[Anchor(ACES)]]'''Security Requirements of Advanced Collaborative Environments (ACEs)''' GFD-I.043. D. Agarwal (Lawrence Berkeley National Laboratory), B. Corrie (Simon Fraser University), J. Leigh (Univeristy of Illinois at Chicago), M. Lorch (Virginia Tech), J. Myers (Pacific Northwest National Laboratory), R. Olson (Argonne National Laboratory), M.E. Papka (Argonne National Laboratory), M. Thompson (Lawrence Berkeley National Laboratory). December 22 2004.
Line 24: Line 28:
 1. [[Anchor(parliamentaryabusecases)]] '''CampusGrid Workshop.''' Paul Jeffreys and Peter Clarke June 16/17 2005 NeSC. http://www.nesc.ac.uk/talks/556/CampusGrid1617June2005b.pdf
  * Alun:: Find abuse cases, for use-cases! Deploying Grids on Campus Networks (Campus Network World: Service oriented28 minutes to be hacked on average); Local security issues in CampusGrid envs (Very helpful Security Checklist•Automate deployment, monitoring and security –only way•Use your existing authentication infrastructure–Avoid digital certificates and GSI; else make it transparent to users(this was contentious –can you have authentication for CampusGrid and external?)•Authorisation: –must scale well–Decide between central control and delegated control•Auditing is vital to support your security policy–Use system’s auditing facilities wherever possible–Intrusion Detection Systems can have too many false positives•Have as few access points as possible•Centrally manage workstations; keep all software on workstationsup-to-date•Control local environment as much as you can)		  * '''Advanced Collaborative Environments (ACE)'''. Research Group at Global Grid Forum 5 July 22-24 2002. http://calder.ncsa.uiuc.edu/ACE-grid/2002-07-22_GGF5/docs.html
Line 27: Line 30:
 1. [[Anchor(parliamentaryabusecases)]] '''All-party Parliamentary Internet Group.''' Minutes of proceedings at a Parliamentary hearing held in Room 19 Committee Corridor on Thursday 29 April 2004 Before: Mr Richard Allan (Chairman), Earl of Erroll, Earl of Northesk, Brian White, Derek Wyatt. http://www.apig.org.uk/Oral%20Evidence%20Transcript.doc
  * Alun:: Find abuse cases, for use-cases! Witnesses include Andrew Cormack, Chief Security Advisor, UKERNA 		 * [[Anchor(AccessGrid)]] '''The Access Grid Project''' http://www.accessgrid.org/
Line 30: Line 32:
 1. [[Anchor(neilsonabusecases)]] '''LCG/EGEE Grid Incident Response.''' Ian Neilson, Grid Deployment Group, CERN at the TERENA NRENS-Grids Workshop. May 12 2005, Amsterdam http://www.terena.nl/tech/grid/workshop-01/neilson.ppt
  * Alun:: Find abuse cases, for use-cases! References Andrew Cormack’s draft "CSIRTs and Grids" comparison available here. ...		  * [[Anchor(GrenhalghEquip)]]'''Equip: An Extensible Platform For Distributed Collaboration'''. Greenhalgh, Chris. Proceedings from Workshop on Advanced Collaborative Technologies (WACE) 2002, Edinburgh
{{{
 '''xxxx find url'''
}}}
Line 33: Line 37:
 1. [[Anchor(cormackabusecases)]] '''CSIRTs and Grids, Draft v0.3''' Andrew Cormack April 14 2005. http://indico.cern.ch/getFile.py/access?contribId=145&amp;sessionId=33&amp;resId=0&amp;materialId=0&amp;confId=0513
  * Alun:: Find abuse cases, for use-cases! Computer Security Incident Response Team (CSIRT)		  * [[Anchor(requirementscapture)]] '''Requirements Capture for Collaboration in eScience''' Marina Jirotka, Rob Procter, Frank Bisby and Matthew Dovey. UK: National e-Science Centre, January 14-15 2004 http://www.nesc.ac.uk/esi/events/320/ Summary report http://www.nesc.ac.uk/talks/320/Report.pdf
  * For project notes about this see UsecasesRequirementscapture
Line 36: Line 40:
 1. [[Anchor(gridshibusecases)]] '''Grid/Shibboleth Use Cases''' GridShib Project (Von Welch). May 2 2005 http://grid.ncsa.uiuc.edu/GridShib/
  * Alun:: Von Welch supplied these 'case studies' as he calls them, a first draft, they contribute to the end-to-end stories primarily. Von Welch's email subject - Re. Version 0.65 of use-cases doc. sent Mon 2 May 2005 17.29 to esp-grid@jiscmail.ac.uk		  * [[Anchor(NGSinductionBridges)]]'''NGS induction --- case study: the BRIDGES project'''. Micha Bayer, Grid Services Developer, BRIDGES project. National e-Science Centre, Glasgow Hub http://www.nesc.ac.uk/talks/561/ngs_induction_bridges.ppt
Line 39: Line 42:
 1. [[Anchor(requirementscapture)]] '''Requirements Capture for Collaboration in eScience''' Marina Jirotka, Rob Procter, Frank Bisby and Matthew Dovey. National e-Science Centre, January 14-15 2004 http://www.nesc.ac.uk/esi/events/320/ Summary report http://www.nesc.ac.uk/talks/320/Report.pdf
  * Alun:: Findings include: the lack of understanding of the nature of collaborative scientifc work and of the likely impact of Grid technologies on practice - a real threat to the success of the e-Science programme; users' requirements must be adequately factored into the process of Grid technology development.		  * [[Anchor(OnlineFroissart)]] '''Froissart Project'''. http://www.shef.ac.uk/french/research/froissart/besancon.htm
Line 42: Line 44:
 1. [[Anchor(tractabletoolkits)]] '''Towards tractable toolkits for the Grid: a plea for lightweight, usable middleware'''. Jonathan Chin, Peter V. Coveney, Centre for Computational Science, Department of Chemistry, University College London. RealityGrid 2003. http://www.realitygrid.org/lgpaper21.pdf
  * Alun:: Looks at significant barriers to widespread acceptance of Grid technology through the end-user community of application scientists. '''Requirements''' include develop a simple, lightweight Grid middleware which is "good enough" for rapid adoption, rather than taking longer to develop a solution which will, supposedly, suit all needs. Such a toolkit must be: substantially more portable, lightweight, and modular in design; produced in very close collaboration with application scientists; sufficiently well-documented that end-users will be able to port existing codes to use Grid techniques with the minimum of hassle.		  * [[Anchor(DunnAndAinsworth)]]'''The Medieval Book: Online Froissart Project: HEIF KNOWLEDGE EXCHANGE AWARD Report of activities, Aug-Sept 2004 (Project Title : "Virtual Vellum : digital tools for the medieval manuscript, Research & Development and Public Dissemination")'''. Dunn, Colin and Ainsworth, Professor Peter (University of Sheffield). http://cbers.shef.ac.uk/downloads/onlinefroissart.pdf
Line 45: Line 46:
 1. [[Anchor(AHRCeresearch)]] '''E-Science (E-Research) Expert Seminar: Report on Proceedings''' Sheila Anderson, 28 April 200(5?) http://www.ahrcict.rdg.ac.uk/activities/e_science.pdf
  * Alun:: Includes mention of Test-bed implementation of grid infrastructure for managing, accessing and delivering widely distributed resources: (a. Identify use-case scenarios linked to real research questions, b. Investigate use of globus, SRB, grid services, c. Test implementations, d. Potentially a joint AHDS/Methods Network project)		  * [[Anchor(AHRCeresearch)]] '''E-Science (E-Research) Expert Seminar: Report on Proceedings''' Sheila Anderson, 28 April 200(5?) http://www.ahrcict.rdg.ac.uk/activities/e_science.pdf
Line 48: Line 48:
 1. [[Anchor(NGSinductionBridges)]]'''NGS induction --- case study: the BRIDGES project'''. Micha Bayer, Grid Services Developer, BRIDGES project. National e-Science Centre, Glasgow Hub http://www.nesc.ac.uk/talks/561/ngs_induction_bridges.ppt
  * Alun:: presentation. '''Bridges' Requirements'''. '''Use cases''' include:
  * Project web portals
  * Microarray reporter sequence BLAST jobs (Basic Local Alignment Search Tool) 		 * [[Anchor(GridShibIntegration)]]'''GridShib: Grid-Shibboleth Integration (Identity Federation and Grids)''' April 11, 2005 Von Welch vwelch@ncsa.uiuc.edu http://grid.ncsa.uiuc.edu/GridShib/presentations/GridShib-uk-april05.ppt
Line 53: Line 50:
 1. [[Anchor(GridShibIntegration)]]'''GridShib: Grid-Shibboleth Integration (Identity Federation and Grids)''' April 11, 2005 Von Welch vwelch@ncsa.uiuc.edu http://grid.ncsa.uiuc.edu/GridShib/presentations/GridShib-uk-april05.ppt
  * Alun:: presentation '''Use cases''' 		 * [[Anchor(advancedreservation)]]'''Use Cases for Advance Reservation and Co-allocation'''. Presented at PSNC Workshop on Resource Management, Poznan, 22 October, 2003 by Stephen Pickles stephen.pickles@man.ac.uk http://www.realitygrid.org http://www.man.poznan.pl/10years/papers/pickles.ppt
Line 56: Line 52:
 1. [[Anchor(advancedreservation)]]'''Use Cases for Advance Reservation and Co-allocation'''. Presented at PSNC Workshop on Resource Management, Poznan, 22 October, 2003 by Stephen Pickles stephen.pickles@man.ac.uk http://www.realitygrid.org http://www.man.poznan.pl/10years/papers/pickles.ppt
  * Alun:: presentation'''Use case''' includes 'Steering Grid Service' (SGS)		  * [[Anchor(KalraEtAl)]]'''Security and confidentiality approach for the Clinical E-Science Framework (CLEF)'''. D Kalra (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), P Singleton (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London) (Judge Institute, University of Cambridge), D Ingram (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), J Milan (Royal Marsden NHS Trust), J MacKay (The Genetics Unit, Institute of Child Health, University College London), D Detmer (Judge Institute, University of Cambridge), A Rector (Department of Computer Science, University of Manchester). Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. http://www.clinical-escience.org http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/160.pdf
Line 59: Line 54:
 1. [[Anchor(ebusinessgrid)]]'''The Grid: An Infrastructure for e-Business and e-Science'''. David W. Walker. School of Computer Science, Cardiff University http://www.cs.cf.ac.uk/User/David.W.Walker/ poss date 4 Feb 2004 http://www.wesc.ac.uk/events/past/ppt/Grid%203%20Feb%202004.ppt
  * Alun:: Presentation, graphs and stats for the take-up of grid technology in future, '''use cases''', incl mention of e-Health, e-Business, e-Commerce, e-Learning		  * [[Anchor(ebusinessgrid)]]'''The Grid: An Infrastructure for e-Business and e-Science'''. David W. Walker. School of Computer Science, Cardiff University http://www.cs.cf.ac.uk/User/David.W.Walker/ poss date 4 Feb 2004 http://www.wesc.ac.uk/events/past/ppt/Grid%203%20Feb%202004.ppt
Line 62: Line 56:
 1. [[Anchor(IAPGRID)]]'''Unlocking the ''Grid''''': The report of the Information Age Partnership ''Grid'' Taskforce (February 2004)
  '''Notes'''
  * Mark::
   Good section on 'What is Grid?' and a nice definition that '''''we should use'''''.		  * [[Anchor(eIRG551)]]'''eInfrastructure Reflection Group White Paper Version 5.51''' 13 April 2004
{{{
xxxx find url
}}}
Line 67: Line 61:
   Page 4 - first paragraph starts with "The term 'grid' is variously used to describe a number of different, but related, ideas, including utility computing concepts, grid technologies...". This looks like a robust definition to use. I like it!
   Page 6 - gives a Medium term view of what the Grid could be used for. We should use these examples as Use Cases, e.g. "requiring issues such as ownership, management and accounting to be handled within trusted partnerships." (said within the context VOs and medium=approx. 5 year timeframe).		  * '''European leadership in e-Science and Grids'''. eInfrastructure Reflection Group White Paper Version 2.0-pre 16 November 2004. eIRG-Den-Haag-v2.0-pre-accepted.doc
Line 70: Line 63:
 1. [[Anchor(SRC4E)]]'''Security Research Challenges for e-Science''' Document ''published'' by the UK e-Science Security Task Force (2005)
  * Mark:: If we can use it, the Security Research Challenges for e-Science document (2005) could be useful. It has lots of implied requirements (general expectations). (This document has now [End July 05] been published on the NeSC web site and therefore we can cite and use it).
  '''''General Note''''': Doc. talks about AAA= Authentication, Authorisation and Accounting, but when it gets down to detail, the final A becomes “Auditing”. This is probably deliberate, but could do with highlighting and explaining.		  * [[Anchor(Pahwaetal)]]'''Supporting Collaborative Virtual Organisations in the Construction Industry via the Grid'''. J.S. Pahwa, P. Burnap, L. Joita, W.A.Gray, O.F.Rana, John Miles, COllaborative VIrtual TEams (COVITE) Project. UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/182.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/182.ppt
Line 74: Line 65:
  '''''General Note''''': Doc. is about priority needs for further work, but this implies requirements.  * [[Anchor(RussellEtAl)]]'''Access Control for Dynamic Virtual Organisations'''. Duncan Russell, Peter Dew, Karim Djemame Informatics Institute, School of Computing, University of Leeds. UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/140.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/140.ppt
Line 76: Line 67:
  '''''General Note'''''/Requirement: [p3] “Authentication is the establishment ''and propagation'' of a user's identity in the system”. This is presented as a definition!  * [[Anchor(Antonioletti)]]'''OGSA-DAI Usage Scenarios and Behaviour: Determining good practice''' Mario Antonioletti EPCC, University of Edinburgh. UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/266.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/266.ppt
Line 78: Line 69:
  '''''Implied Requirement''''': Need to support different levels of “trust and responsibility” (and assurance levels).  * '''Enterprise specification of the NERC DataGrid''' Andrew Woolf, CCLRC e-Science Centre et al. (et al includes Ray Cramer2, Marta Gutierrez3, Kerstin Kleese van Dam1, Siva Kondapalli2, Susan Latham3, Bryan Lawrence3, Roy Lowry2, Kevin O’Neill1 where 1CCLRC e-Science Centre, 2British Oceanographic Data Centre, 3British Amospheric Data Centre) UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/128.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/128.ppt
Line 80: Line 71:
  '''''Implied Requirement''''': Easy credential management by users (i.e./e.g. transporting their authentication credentials between applications and end-systems).  * '''Towards Understanding Requirements for eScience: the eDiaMoND case study''' *Marina Jirotka, ‡Rob Procter, *Chris Hinds, †Catelijne Coopmans, ‡James Soutter and *Sharon Lloyd (where *Oxford University Computing Laboratory, ‡School of Informatics, University of Edinburgh, †Said Business School, Oxford University). UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/225.pdf
  * For project notes about this see UsecasesRequirementsediamond
Line 82: Line 74:
  '''''Implied Requirement''''': Support for Secure Roaming [overlaps with the above, really].  * '''Gathering Requirements for an Integrative Biology Project'''. David Gavaghan, Jonathan Whiteley, Joe Pitt-Francis, Mark Slaymaker, Sharon Lloyd (University of Oxford),David Boyd, Damian Mac Randal, Kerstin Kleese van Dam, Lakshmi Sastry (CCLRC) Presented by Sharon Lloyd, University of Oxford. UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/submissions/papers/77.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/77.ppt
  * For project notes about this see UsecasesRequirementsib
Line 84: Line 77:
  '''''Implied Requirement''''': Management of authorisation policies and their distribution  * [[Anchor(GillespieEtAl)]]'''Web-services for the biology community: the BASIS project'''. Gillespie, Colin S. et al (authors from the School of Mathematics & Statistics, and the Henry Wellcome Laboratory for Biogerontology Research, School of Clinical and Medical Sciences-Gerontology, University of Newcastle). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/309.pdf
Line 86: Line 79:
  '''''Implied Requirement''''': Authorisation policies must allow for dynamic or short-term groups of users.  * [[Anchor(BirkinEtAl)]]'''MOSES: Modelling and Simulation for e-Social Science'''. Birkin, Mark et al, University of Leeds. UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/341.pdf
Line 88: Line 81:
  '''''Implied Requirement''''': Need flexible dynamic delegation policies.  * [[Anchor(GeddesEtAl)]]'''NeuroGrid: Collaborative Neuroscience via Grid Computing'''. Geddes, John et al, (authors from Department of Psychiatry, University of Oxford; Oxford University Computing Laboratory; Institute of Neurology, University College London; Centre for Medical Image Computing, University College London; Imaging Sciences Department, Imperial College London; Department of Psychiatry, Edinburgh University; School of Informatics, University of Edinburgh; Division of Stroke Medicine, University of Nottingham; Addenbrookes Hospital, Cambridge). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/365.pdf
Line 90: Line 83:
  '''''General Note'''''/Requirement: [p4] “Many e-Science and e-Health applications require fine grained access controls, perhaps administered through a number of different policy authorities and distributed decision points.  * [[Anchor(HobsonEtAl)]]'''GRIDCC - providing a real-time Grid for distributed instrumentation'''. Hobson, Peter R. et al, School of Engineering and Design, Brunel University. (Collaboration between Istituto Nazionale di Fisica Nucleare, Legnaro, Italy; Institute Of Accelerating Systems and Applications, Athens, Greece; Brunel University, Uxbridge; Consorzio Interuniversitario per Telecomunicazioni, Italy; Sincrotrone Trieste S.C.P.A., Trieste, Italy; IBM, Haifa, Israel; Imperial College London; Istituto di Metodologie per l’Analisi ambientale – Consiglio Nazionale delle Ricerche, Potenza, Italy; Universita degli Studi di Udine, Udine, Italy; Greek Research and Technology Network S.A., Athens, Greece). Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/502.pdf
Line 92: Line 85:
  '''''Implied Requirement''''': Privacy requirement for some applications during the authorisation process.  * [[Anchor(GreenhalghEtAl)]]'''Integrating with the Access Grid: Experiences and Issues'''. Greenhalgh, Chris et al (authors from the School of Computer Science & IT, University of Nottingham; the Department of Computer Science, UCL; and the Department of Computer Science, University of Glasgow). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/312.pdf
Line 94: Line 87:
  '''''Implied Requirement''''': Auditing: need to be able to generate complete diagnostic trails.  * [[Anchor(BenfordEtAl)]]'''e-Science from the Antarctic to the GRID'''. Benford, Steve et al. UK: Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK.
{{{
xxxx find url
}}}
Line 96: Line 92:
  '''''Implied Requirement''''': Re. above – need to “allow some types of record (e.g. user accountability information) to be obtained securely from other parts of the system and interpreted in a common framework.  * [[Anchor(SteedEtAl)]] '''e-Science in the Streets: Urban Pollution Monitoring''' Steed, Anthony et al. UK: Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK.
{{{
xxxx find url
}}}
Line 98: Line 97:
  '''''Implied Requirement''''': (Some applications) – Privacy of the data subject.  * [[Anchor(ArtsHumVRE)]] '''VREs in the arts and humanities''' Anderson, Sheila (Arts and Humanities Data Service); Dunn, Stuart (AHRC ICT in Arts and Humanities Research Programme); and Hughes, Lorna M. (AHRC ICT Methods Network). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/323.pdf
Line 100: Line 99:
  '''''Implied Requirement''''': (Some applications) Confidentiality of data (i.e. who can access data at all).  * [[Anchor(MacleodEtAl)]] '''ImpliedVolatilityGrid: Grid Based Integration to Provide On Demand Financial Risk Analyisis'''. Gordon Macleod, Paul Donachy, Terence J. Harmer, Ron H. Perrott (Belfast e-Science Centre, Queen’s University of Belfast); and Brian Conlon, Jonny Press, Felix Lungu (First Derivatives plc). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/542.pdf
Line 102: Line 101:
  '''''Implied Requirement''''': Signalling of need for (a) privacy and (b) confidentiality when data are passed between systems.  * [[Anchor(AudenEtAl)]] '''eSDO: UK Access to the Solar Dynamics Observatory: Leveraging the UK Virtual Observatory for AIA and HMI Data and Algorithms'''. Elizabeth Auden et al (Authors from Mullard Space Science Laboratory, University College London; Physics Department, University of Birmingham; Rutherford Appleton Laboratory ;Department of Applied Mathematics, University of Sheffield). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/428.pdf
Line 104: Line 103:
  '''''Implied Requirement''''': Provenance of data (“maintaining the integrity of chains or groups of related data”) whilst in transit and in storage.  * [[Anchor(HarkemaEtAl)]] '''Information Extraction from Clinical Records'''. Henk Harkema et al (Dept of Computer Science, University of Sheffield)]. UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/477.pdf
Line 106: Line 105:
  '''''General Note''''': Trust relationships between organisations are needed for: standards for identifying and managing users, agreements about payments or other boundary settlements, limitations of use etc.
Line 108: Line 106:
  '''''Implied Requirement''''': Policies and parameters that control security (both inside and outside the system) must be able to be changed flexibly and easily. ----
Line 110: Line 108:
  '''''Implied Requirement''''': Mechanisms are required for the agreement and setting of assurance levels for a particular security policy or function. These are needed in both directions (i.e. user to SP and SP to user). == Security - definitions – e.g. what is a grid? ==
Line 112: Line 110:
 1. '''Grid Delegation Protocol''' Ahsant, Basney and Mulmo. UK Workshop on Grid Security Experiences, Oxford. July 2004.
  * Mark:: The authors propose a delegation protocol based on the WS-Trust specification. This may be useful later.		  * '''What is the Grid? A three point checklist'''. !GridToday vol 1 no 6 2002. Ian Foster. http://www.gridtoday.com/02/0722/100136.html
Line 115: Line 112:
 1. '''Constrained delegation in XML-based Access Control and Digital Rights Management Standards''' Navarro et al. Date?[recent].
  * Mark:: The authors propose the extension of SAML to support constrained delegations. Don't really mention grid.		  * '''Characterizing Grids: Attributes, Definitions, and Formalisms'''. Journal of Grid Computing. 1, 9-23, 2003.
Line 118: Line 114:
 1. '''Authorization Glossary'''. GWD-I Category: Informational GGF Working Group on Authorization Frameworks and Mechanisms. Markus Lorch, Virginia Tech Dane Skow, Fermi National Accelerator Laboratory Mary Thompson, Lawrence Berkeley Nat l Laboratory 2004-05-14 GFD.42 http://www.gridforum.org/documents/GWD-I-E/GFD-I.042.pdf  * [[Anchor(BroadfootLowe)]]'''Architectures for secure delegation within grids'''. Programming Research Group Research Report PRG-RR-03-19. Philippa Broadfoot and Gavin Lowe (Oxford University Computing Laboratory), Sept 2003 http://web.comlab.ox.ac.uk/oucl/work/philippa.hopcroft/Papers/PRG-RR-03-19.pdf
Line 120: Line 116:
 1. '''Grid Authentication Profiles'''. Tony J. Genovese. GFD-I, ESnet/LBL Category: Informational Documents CA Operations WG May 15, 2004 http://www.gridforum.org/Meetings/GGF13/Documents/GGF13_Authentication_Profiles_CAOPs-WG.pdf
  *Ivo:: 'Need to be able to define authentication profiles within you certificate and methods of authentications.'		  * [[Anchor(IAPGRID)]]'''Unlocking the ''Grid''''': The report of the Information Age Partnership ''Grid'' Taskforce (February 2004)
  * For project notes about this see DefinitionsUnlockinggrid
Line 123: Line 119:
 1. '''Use of SAML for OGSA Authorization'''. Von Welch, NCSA Rachana Ananthakrishnan, Argonne National Laboratory Frank Siebenlist, Argonne National Laboratory David Chadwick, University of Salford Sam Meder, University of Chicago Laura Pearlman, Information Sciences Institute XXXX ref XXXX  * '''Security, Security, Security'''. !GridToday May 30 2005. Tony Hey. http://news.taborcommunications.com/msgget.jsp?mid=389414&xsl=s...
{{{
xxxx find url
}}}
Line 125: Line 124:
 1. '''Policy Management Authority Model Charter'''. Robert Cowles, SLAC Tony Genovese, ESnet/LBNL Peter Gietz, DAASI Michael Helm, Esnet/LBNL. GFD-C Category: Community Practice Documents CA Operations WG https://forge.gridforum.org/projects/caops-wg/document/Grid_PMA_model_charter/en/1
  * Ivo:: 'A common organizational structure and set of expectations; Central points of contact for different Virtual Organization s (VO s) to interoperate, and provide a medium for discussing and normalizing policy differences between different organizations; manage external relationships and resulting internal changes (or vice versa), reflecting these changes in its CP and CPS document set.'
Line 128: Line 125:
 1. '''OCSP Requirements for Grids''' GFD-C Category: Community Practice Documents CA Operations WG http://www-unix.gridforum.org/mail_archive/caops-wg/2004/09/pdf00000.pdf Ivo: 'need to have a common, simple, robust protocol, for certificates, signatures, CRTs, CRLs query, revocation, conformation etc.' ----
Line 130: Line 127:
 1. [[Anchor(MullenGAAAR)]]'''Grid Authentication Authorization and Accounting Requirements''' Research Document. GWD-C SEC S3A-RG Shawn Mullen, IBM Matt Crawford, FNAL Markus Lorch, VT Dane Skow. https://forge.gridforum.org/projects/saaa-rg/document/Draft_5_of_Requirements_Doc/en/1
  * Mark/Alun:: Used as basis for the requirements process, must/should/may language and comprehensiveness give an indication for requirements across the board.
   * RequirementsDoc: These are the final requirements for Authentication, Authorisation and Accounting on a generic grid as proposed by the ESP-GRID project. They are based heavily upon Shawn Mullen et al's (2004) document on "Grid Authentication, Authorization and Accounting Requirements".
   * Other "requirements" documents (including that of Mullen et al.) make an assumption that PKI is being used throughout (client to site/machine, and machine to machine). We wished to take a step back and write down the requirements (for access management and security) without the assumption that 'client to machine' PKI is already employed.
   * For more detail and justifications of changes made to the original Mullen et al. document, please see RequirementsDocFull. This contains many annotations explaining the difference between the documents. 		== Security – grids ==
 * [[Anchor(neilsonabusecases)]] '''LCG/EGEE Grid Incident Response.''' Ian Neilson, Grid Deployment Group, CERN at the TERENA NRENS-Grids Workshop. May 12 2005, Amsterdam http://www.terena.nl/tech/grid/workshop-01/neilson.ppt
Line 136: Line 130:
  We have copies of both version 4 (Jan 04) and version 5 (May 04). This document cites some grid AAA requirements and is therefore useful. Alun thought that this was the most useful. Very good at defining the problem spaces. Possibly the most like a requirements document that we have come across.
   '''Section 1.2.1:''' The document states that sites will generally make authz decisions on an aggregate basis: on VO membership or group membership. However, at times it will be necessary to set access rights at the granularity of a single user. [There is a little more on this] [[BR]] We should discuss this briefly before concluding that this requirement of each node identifying each (or some) user(s) should not be global. It is a great scalability bottleneck and it is clear that for some applications, it should not be necessary to have the functionality available to carry out this purpose. Nevertheless, this restricted functionality should not in turn restrict the ability to trace a user. For example, pseudonymity would be perfectly reasonable in many cases.		  * [[Anchor(cormackabusecases)]] '''CSIRTs and Grids, Draft v0.3''' Andrew Cormack April 14 2005. http://indico.cern.ch/getFile.py/access?contribId=145&amp;sessionId=33&amp;resId=0&amp;materialId=0&amp;confId=0513
Line 139: Line 132:
   '''Section 2.3.3:''' “Assertions of membership in roles or groups within a VO must be able to be validated by relying parties. Validation of such assertions should not succeed more than 1Ms [One megasecond (1,000,000 seconds): a little less than a fortnight.] after an authority removes the subject's membership.” [[BR]] There must be situations where VO assertions must have to be far more current (i.e. require a look up, and if the look up fails, the user cannot proceed or run/complete the job). This is problematic for the grid where long-running jobs are common.  * [[Anchor(tractabletoolkits)]] '''Towards tractable toolkits for the Grid: a plea for lightweight, usable middleware'''. Jonathan Chin, Peter V. Coveney, Centre for Computational Science, Department of Chemistry, University College London. RealityGrid 2003. http://www.realitygrid.org/lgpaper21.pdf
  * For project notes about this see SecurityTractabletoolkits
Line 141: Line 135:
   '''Section 2.3.5:''' “A user must be able to select and de-select VOs and roles for a specific access [sic]”  * [[Anchor(SRC4E)]]'''Security Research Challenges for e-Science''' Document ''published'' by the UK e-Science Security Task Force (2005)
  * For project notes about this see SecurityResearchchallenges
Line 143: Line 138:
   '''Section 2.6.2:''' Revocation. “It must be possible for the authorized administrators to revoke all of a user's authorizations based on VO membership by removing the user from the VO.” [No time requirement given].  * '''Grid Delegation Protocol''' Ahsant, Basney and Mulmo. UK Workshop on Grid Security Experiences, Oxford. July 2004.
  * For project notes about this see Grid Delegation Protocol
Line 145: Line 141:
   '''Section 2.6.3:''' “Authorization revocation should be done in a time frame consistent with the authentication revocation of 0.1Ms.” [a little more than a day].  * [[Anchor(jiscwebsecurity)]] '''Web Security.''' Andrew Cormack, University of Wales, Cardiff. Report: 006 to JISC, January 1997 http://www.jisc.ac.uk/index.cfm?name=acn_websecurity and http://www.jisc.ac.uk/uploaded_documents/jtap-006.doc
Line 147: Line 143:
   '''Section 2.6.5:''' Providing credentials to service. “The authentication and authorization credentials that a user presents should be made available to the execution environment by something like a gatekeeper or job manager. In other words, the gatekeeper may have passed a request based on the presented credentials, but if this results in delegation of the request, running a job, the authentication/authorization credentials should be made available to the final execution environment via some standard mechanism.”  * [[Anchor(parliamentaryabusecases)]] '''All-party Parliamentary Internet Group.''' Minutes of proceedings at a Parliamentary hearing held in Room 19 Committee Corridor on Thursday 29 April 2004 Before: Mr Richard Allan (Chairman), Earl of Erroll, Earl of Northesk, Brian White, Derek Wyatt. http://www.apig.org.uk/Oral%20Evidence%20Transcript.doc
Line 149: Line 145:
  There is more in this document than has been pulled out for these notes here. I (MN) suggest that the ESP-GRID architect uses the requirements given in this document as a starting point, but only after we have modified a few and possibly added a few for privacy and confidentiality.   * '''CampusGrid Workshop.''' Paul Jeffreys and Peter Clarke June 16/17 2005 NeSC. http://www.nesc.ac.uk/talks/556/CampusGrid1617June2005b.pdf
   * For project notes about these see SecurityParliamentaryinternetgroup
Line 151: Line 148:
 1. '''Conceptual Grid Authorization Framework and Classification'''. GWD-I, Category Informational, GGF Working Group on Authorization Frameworks and Mechanisms , Markus Lorch (Editor), Virginia Tech Bob Cowles (Co-Editor), Stanford Linear Accelerator Center Rich Baker, Brookhaven National Laboratory Leon Gommans, University of Amsterdam Paul Madsen, Entrust Andrew McNab, University of Manchester Lavanya Ramakrishnan, CNIDR/MCNC Krishna Sankar, Cisco Systems Inc. Dane Skow, Fermi National Accelerator Laboratory. Mary R. Thompson, Lawrence Berkeley National Laboratory http://www.globalgridforum.org/documents/GWD-I-E/GFD-I.038.pdf  * '''Constrained delegation in XML-based Access Control and Digital Rights Management Standards''' Navarro et al. Date?[recent].
Line 153: Line 150:
 1. '''Security Implications of Typical Grid Computing Usage Scenarios'''. GFD-I.12 Security Working Grou, Marty Humphrey University of Virginia Mary Thompson Lawrence Berkeley National Laboratory October 2000 http://www.globalgridforum.org/documents/GFD/GFD-I.12.pdf  * '''Authorization Glossary'''. GWD-I Category: Informational GGF Working Group on Authorization Frameworks and Mechanisms. Markus Lorch, Virginia Tech Dane Skow, Fermi National Accelerator Laboratory Mary Thompson, Lawrence Berkeley Nat l Laboratory 2004-01-23 GFD.42 http://www.gridforum.org/documents/GWD-I-E/GFD-I.042.pdf
Line 155: Line 152:
 1. '''An Analysis of the UNICORE Security Model'''. Grid Certificate Policy WG, T. Goss-Walter, Deutscher Wetterdienst R. Letz, Deutscher Wetterdienst Dr. T. Kentemich, Pallas GmbH H.-C. Hoppe, Pallas GmbH P. Wieder, Forschungszentrum J�lich July 2003. http://www.globalgridforum.org/documents/GFD/GFD.18.pdf
  * Ivo:: 'job authentication and secure transmission of data.'		  * '''Grid Authentication Profiles'''. Tony J. Genovese. GFD-I, ESnet/LBL Category: Informational Documents CA Operations WG May 15, 2004 http://www.gridforum.org/Meetings/GGF13/Documents/GGF13_Authentication_Profiles_CAOPs-WG.pdf
Line 158: Line 154:
 1. [[Anchor(BroadfootLowe)]]'''Architectures for secure delegation within grids'''. Programming Research Group Research Report PRG-RR-03-19. Philippa Broadfoot and Gavin Lowe (Oxford University Computing Laboratory), Sept 2003 http://web.comlab.ox.ac.uk/oucl/work/philippa.hopcroft/Papers/PRG-RR-03-19.pdf
  * Mark:: Philippa Broadfoot (now Hopcroft) and Gavin Lowe's paper on secure delegation within grids (2003) is good for definitions of grid computing etc., and very readable. However, it is not very widely published (but available on-line - so referenceable).		  * '''Use of SAML for OGSA Authorization'''. Von Welch, NCSA Rachana Ananthakrishnan, Argonne National Laboratory Frank Siebenlist, Argonne National Laboratory David Chadwick, University of Salford Sam Meder, University of Chicago Laura Pearlman, Information Sciences Institute
{{{
xxxx find url
}}}
Line 161: Line 159:
 1. [[Anchor(WelchOGSAR)]]'''OGSA authorization requirements''', GWD-I (proposed). Von Welch, University of Chicago; Frank Siebenlist, Argonne National Laboratory; David Chadwick, University of Salford; Sam Meder, University of Chicago; Laura Pearlman, Information Science Institute; GGF June 2003.http://www.globus.org/ogsa/Security/authz/OGSA-authorization-requirements-june3.doc.
  * Mark/Alun:: AuthZ requirements and definitions, use cases also.		  * '''Policy Management Authority Model Charter'''. Robert Cowles, SLAC Tony Genovese, ESnet/LBNL Peter Gietz, DAASI Michael Helm, Esnet/LBNL. GFD-C Category: Community Practice Documents CA Operations WG https://forge.gridforum.org/projects/caops-wg/document/Grid_PMA_model_charter/en/1
Line 164: Line 161:
 1. '''Security architecture for open Grid Services and related developments'''. GGF5 and follow-on developments overview. Working draft version 0.9. Yuri Demchenko, October 2, 2002. http://www.terena.nl/tech/grid/docs/ggf5ogsa-security.html
  * Mark:: useful architecture design. This will be very useful for a technical reader. Possibly our 'architect'. Especially part 2: “Mapping AAA architecture to WS and WS/OGSA...”		  * '''OCSP Requirements for Grids''' GFD-C Category: Community Practice Documents CA Operations WG http://www-unix.gridforum.org/mail_archive/caops-wg/2004/09/pdf00000.pdf Ivo:
Line 167: Line 163:
 1. '''Enterprise specification of the NERC DataGrid''' Andrew Woolf, CCLRC e-Science Centre et al.
  * Alun:: to follow up this and find full report as well as references 14-15. At AHM 2004 http://www.nesc.ac.uk/events/ahm2004/presentations/128.ppt		  * [[Anchor(MullenGAAAR)]]'''Grid Authentication Authorization and Accounting Requirements''' Research Document. GWD-C SEC S3A-RG Shawn Mullen, IBM Matt Crawford, FNAL Markus Lorch, VT Dane Skow. https://forge.gridforum.org/projects/saaa-rg/document/Draft_5_of_Requirements_Doc/en/1
   * For project notes about these see SecurityGridaaa
Line 170: Line 166:
 1. '''What is the Grid? A three point checklist'''. GridToday vol 1 no 6 2002. Ian Foster. http://www.gridtoday.com/02/0722/100136.html Alun: to follow up this and find full report.  * '''Conceptual Grid Authorization Framework and Classification'''. GWD-I, Category Informational, GGF Working Group on Authorization Frameworks and Mechanisms , Markus Lorch (Editor), Virginia Tech Bob Cowles (Co-Editor), Stanford Linear Accelerator Center Rich Baker, Brookhaven National Laboratory Leon Gommans, University of Amsterdam Paul Madsen, Entrust Andrew McNab, University of Manchester Lavanya Ramakrishnan, CNIDR/MCNC Krishna Sankar, Cisco Systems Inc. Dane Skow, Fermi National Accelerator Laboratory. Mary R. Thompson, Lawrence Berkeley National Laboratory http://www.globalgridforum.org/documents/GWD-I-E/GFD-I.038.pdf
Line 172: Line 168:
 1. '''Characterizing Grids: Attributes, Definitions, and Formalisms'''. J. Grid Comp. 1, 9-23, 2003.
  * Alun:: to follow up this and find full report.		  * '''Security Implications of Typical Grid Computing Usage Scenarios'''. GFD-I.12 Security Working Grou, Marty Humphrey University of Virginia Mary Thompson Lawrence Berkeley National Laboratory October 2000 http://www.globalgridforum.org/documents/GFD/GFD-I.12.pdf
Line 175: Line 170:
 1. [[Anchor(eIRG551)]]'''eInfrastructure Reflection Group White Paper Version 5.51''' 13 April 2004
  * Alun:: Use Cases section 4, must follow up to get URL		  * '''An Analysis of the UNICORE Security Model'''. Grid Certificate Policy WG, T. Goss-Walter, Deutscher Wetterdienst R. Letz, Deutscher Wetterdienst Dr. T. Kentemich, Pallas GmbH H.-C. Hoppe, Pallas GmbH P. Wieder, Forschungszentrum J�lich July 2003. http://www.globalgridforum.org/documents/GFD/GFD.18.pdf
Line 178: Line 172:
 1. '''European leadership in e-Science and Grids'''. eInfrastructure Reflection Group White Paper Version 2.0-pre 16 November 2004. eIRG-Den-Haag-v2.0-pre-accepted.doc
  * Mark:: ignore for now.		  * [[Anchor(WelchOGSAR)]]'''OGSA authorization requirements''', GWD-I (proposed). Von Welch, University of Chicago; Frank Siebenlist, Argonne National Laboratory; David Chadwick, University of Salford; Sam Meder, University of Chicago; Laura Pearlman, Information Science Institute; GGF June 2003.http://www.globus.org/ogsa/Security/authz/OGSA-authorization-requirements-june3.doc.
Line 181: Line 174:
 1. [[Anchor(NagaratnamSOGS)]]'''The Security for Open Grid Services''' July 17 2002, Version 1. Nataraj Nagaratnam (IBM Corporation), Phillipe Janson (IBM Corporation), John Dayka (IBM Corporation), Anthony Nadalin (IBM Corporation), Frank Siebenlist (Argonne National Laboratory), Von Welch (University of Chicago), Ian Foster (Arg onne National Laboratory and University of Chicago), Steve Tuecke (Argonne National Laboratory)
  * Mark:: Alun has read this. Good general requirements. Has use cases (“use patterns”) as well. The use cases are good for the customer-service provider models and the scenarios where an intermediary is used.		  * '''Security architecture for open Grid Services and related developments'''. GGF5 and follow-on developments overview. Working draft version 0.9. Yuri Demchenko, October 2, 2002. http://www.terena.nl/tech/grid/docs/ggf5ogsa-security.html
Line 184: Line 176:
 1. '''Security, Security, Security'''. GridToday May 30 2005. Tony Hey. http://news.taborcommunications.com/msgget.jsp?mid=389414&xsl=s...
  * Mark:: definitions
  * Alun:: must find Frank Siebenlist Globus GT4 security architecture, find town meeting presentation? Find full URL for this article.		  * [[Anchor(CornwallEtAl)]]'''EU DataGrid and GridPP Authorization and Access Control'''. L. Cornwall, J. Jensen (CLRC), D. Kelsey (CLRC), A. McNab (Schuster Laboratory, University of Manchester). Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/095.pdf
Line 188: Line 178:
 1. [[Anchor(FosterOGSAUC)]]'''Open Grid Services Architecture Use Cases GFD-I.029'''. Editors: Ian Foster Argonne and University of Chicago), D. Gannon (Indiana University), H. Kishimoto (Fujitsu), Jeffrin J. Von Reich (Hewlett Packard), October 28 2004. http://www.gridforum.org/documents/GWD-I-E/GFD-I.029v2.pdf
  * Mark:: this has the 2 routes, '''must use in report'''. Large document with lots of use cases. Use this to bolster our set of use cases. ''N.B. Google for this as there may be different versions of this around the place.''		  * [[Anchor(Chadwick)]]'''An Authorisation Interface for the GRID'''. D.W.Chadwick, University of Salford. Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/162.pdf
Line 191: Line 180:
 1. [[Anchor(ACES)]]'''Security Requirements of Advanced Collaborative Environments (ACEs)''' GFD-I.043. D. Agarwal (Lawrence Berkeley National Laboratory), B. Corrie (Simon Fraser University), J. Leigh (Univeristy of Illinois at Chicago), M. Lorch (Virginia Tech), J. Myers (Pacific Northwest National Laboratory), R. Olson (Argonne National Laboratory), M.E. Papka (Argonne National Laboratory), M. Thompson (Lawrence Berkeley National Laboratory). December 22 2004.
  * Mark:: use cases and background documentation. The earlier document contains use cases and risk analyses.		  * [[Anchor(SinnottEtAl)]]'''Bridges: Security Focused Integration of Distributed Biomedical Data'''. Dr Richard Sinnott, Prof David Gilbert, Dr David Berry, Dr Ela Hunt, Prof Malcolm Atkinson National e-Science Centre. Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/078.pdf
Line 194: Line 182:
 1. '''Advanced Collaborative Environments (ACE)'''. Research Group at Global Grid Forum 5 July 22-24 2002. http://calder.ncsa.uiuc.edu/ACE-grid/2002-07-22_GGF5/docs.html
  * Mark/Alun:: feeds into ACEs doc, must read all links for Use Cases
 
 1. All Hands Meeting Publications 2003 and 2004 and 2005 http://www.nesc.ac.uk/events/ahm2003/AHMCD/ and http://www.allhands.org.uk/2004/proceedings/ and http://www.allhands.org.uk/2005/proceedings/
  1. [[Anchor(CornwallEtAl)]]'''EU DataGrid and GridPP Authorization and Access Control'''. L. Cornwall, J. Jensen (CLRC), D. Kelsey (CLRC), A. McNab (Schuster Laboratory, University of Manchester) All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/095.pdf
   * Ivo:: 'PKI based; Virtual Organisation for resouces, and users, VO membership lists; attribute certificates; Fine grained access control, dynamically allocated user IDs on local systems'
  1. [[Anchor(Chadwick)]]'''An Authorisation Interface for the GRID'''. D.W.Chadwick, University of Salford All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/162.pdf
   * Ivo:: 'separate authentication and authorisation; plug and play authorisation functionality; need to have standartisaton on authorisation'
  1. [[Anchor(SinnottEtAl)]]'''Bridges: Security Focused Integration of Distributed Biomedical Data'''. Dr Richard Sinnott, Prof David Gilbert, Dr David Berry, Dr Ela Hunt, Prof Malcolm Atkinson National e-Science Centre. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/078.pdf
   * Ivo:: 'No requirements, only descrbe what is used d(CAS, Akenti, VOMS, VOM, etc'
  1. [[Anchor(ManandharEtAl)]]'''GRID Authorization Framework for CCLRC Data Portal'''. Ananta Manandhar, Glen Drinkwater, Richard Tyer, Kerstin Kleese CCLRC Daresbury Laboratory. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/118.pdf
   * Mark:: Mentions the 3 primary AuthZ frameworks: Community AuthZ Service (CAS) from the Globus project, Virtual Organization Management System (VOMS) from the EU Data grid project and PERMIS with respect to a "Grid Authorization Framework for CCLRC Data Portal".
   * Ivo:: 'Analysing the structure of the resource providers and the future directions it is heading, it is seen that the important requirement to the Authorization infrastructure are that it has to be: Scalable It is quite inevitable that as organizations start collaborating more there would be an increase in users accessing their resources. The organizations need be able to scale up the number of users or resources without much additional administration overhead for them to be able to enjoy collaboration; Manageable Adding or removing users or resources to the system or modifying user privileges to the resources need to be kept simple and intuitive for the organizations so that the overhead for collaboration does not increase. Also keeping users privileges manageable keeps the system more consistent and up to date, making them reliable; Preferably under the control of the resource end When it comes to the issue of security, organizations are wary of external parties accessing their resources. Organizations would prefer to have control over who have access over their data and up to what degree. They are not yet ready to trust third party organizations in authorizing their resources and prefer to keep control over their resources to keep them reliable; Minimum intervention at the Data Portal layer As the Data Portal is a broker application between users and resource, it is best to pull authentication and authorization information from the resource provider s trusted bodies and have Data Portal forward it to the resource provider along with the request. This keeps Data Portal away from being an addition point of security consideration; Ability to utilize existing Access Control Models Much of the data are stored in file systems, databases or other system which already have an elaborate access control features and many resources present already utilize these existing access control features in managing the level of information that need to be returned. It seems best to integrate the authorization information along with these access control mechanism in providing the level of information to be returned; Ability to integrate with GSI The GSI is the standard means of authenticating users in the e-science community. It provides a trusted mechanism in authenticating users and delegating authentication rights. It would be useful for the authorization system to use GSI as the authentication mechanism; Future integration capabilities with other Grid related applications Users accessing data resources via the Data Portal may like to use other Grid applications such as the HPC portal [10,11] in conjunction. For example a user may retrieve a certain data set via the data portal and may then submit a job on the HPC portal. It would be easy for the user to do such operations if different Grid applications use the similar authentication and authorization strategies.
  1. [[Anchor(KalraEtAl)]]'''Security and confidentiality approach for the Clinical E-Science Framework (CLEF)'''. D Kalra (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), P Singleton (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London) (Judge Institute, University of Cambridge), D Ingram (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), J Milan (Royal Marsden NHS Trust), J MacKay (The Genetics Unit, Institute of Child Health, University College London), D Detmer (Judge Institute, University of Cambridge), A Rector (Department of Computer Science, University of Manchester) d.kalra@chime.ucl.ac.uk. All Hands Meeting Publications 2004 http://www.clinical-escience.org http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/160.pdf
   * Ivo:: 'Data confidentiality and pseudonimity.'
   * Mark:: Pseudonymised repository of histories of cancer patients that can be accessed by researchers.
  1. [[Anchor(RussellEtAl)]]'''Access Control for Dynamic Virtual Organisations'''. Duncan Russell, Peter Dew, Karim Djemame Informatics Institute, School of Computing, University of Leeds. All Hands Meeting Publications 2004 http://www.allhands.org.uk/2004/proceedings/papers/140.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/140.ppt
   * Ivo:: 'Highly distributed teams and end resources; Distributed access control; Collaborating VOs; Real time data access and ability to search through historical records; Service level access control of stateful services; Automated VO management.'
  1. [[Anchor(Beckles)]]'''Removing digital certificates from the end-user s experience of grid environments'''. Bruce Beckles University of Cambridge Computing Service. All Hands Meeting Publications 2004 http://www.allhands.org.uk/2004/proceedings/papers/250.pdf and http://www.allhands.org.uk/2004/proceedings/papers/250.pdf
   * Ivo:: 'No digital certificates in user experience, i.e ease of use; No manual interaction of users with digital certificates'
  1. [[Anchor(Pahwaetal)]]'''Supporting Collaborative Virtual Organisations in the Construction Industry via the Grid'''. J.S. Pahwa, P. Burnap, L. Joita, W.A.Gray, O.F.Rana, John Miles, COllaborative VIrtual TEams (COVITE) Project. http://www.allhands.org.uk/2004/proceedings/papers/182.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/182.ppt
   * Alun:: Construction industry '''Use case'''? for PSCD application – Grid-enabled data management tool that provides the data structure for storing and retrieving information across a number of product suppliers' databases
  1. [[Anchor(Antonioletti)]]'''OGSA-DAI Usage Scenarios and Behaviour: Determining good practice''' Mario Antonioletti EPCC, University of Edinburgh http://www.allhands.org.uk/2004/proceedings/papers/266.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/266.ppt
   * Alun:: '''Use cases''' of current uses of OGSA-DAI.
  1. '''Enterprise specification of the NERC DataGrid''' Andrew Woolf, CCLRC e-Science Centre et al. (et al includes Ray Cramer2, Marta Gutierrez3, Kerstin Kleese van Dam1, Siva Kondapalli2, Susan Latham3, Bryan Lawrence3, Roy Lowry2, Kevin O’Neill1 where 1CCLRC e-Science Centre, 2British Oceanographic Data Centre, 3British Amospheric Data Centre) http://www.allhands.org.uk/2004/proceedings/papers/128.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/128.ppt
   * Alun:: to follow up this and find full report as well as references 14-15 of print version.
  1. '''Towards Understanding Requirements for eScience: the eDiaMoND case study''' *Marina Jirotka, ‡Rob Procter, *Chris Hinds, †Catelijne Coopmans, ‡James Soutter and *Sharon Lloyd (where *Oxford University Computing Laboratory, ‡School of Informatics, University of Edinburgh, †Said Business School, Oxford University) http://www.allhands.org.uk/2004/proceedings/papers/225.pdf and
   * Alun:: '''eHealth Use Case''' (complex collaborative domain, diverse range of professional expertise, volatile organisational issues, focussing on work practices, organisational issues... Understanding of work flow, collaborative practices and everyday work of clinicians, techniques to inform design of eScience technologies, transforming the eScience vision of sharing data) More lessons learned: (Don’t ignore previous research in areas such as Computer Supported Cooperative Work (CSCW) regarding global collaboration and virtual organisations) New issues in eScience: Scale and expertise needed for global collaboration - CSCW, Practical implications from studies of science and scientific knowledge (SSK), Development models and requirements for eScience)
  1. '''Gathering Requirements for an Integrative Biology Project'''. David Gavaghan, Jonathan Whiteley, Joe Pitt-Francis, Mark Slaymaker, Sharon Lloyd (University of Oxford),David Boyd, Damian Mac Randal, Kerstin Kleese van Dam, Lakshmi Sastry (CCLRC) Presented by Sharon Lloyd, University of Oxford http://www.allhands.org.uk/submissions/papers/77.pdf and http://www.nesc.ac.uk/events/ahm2004/presentations/77.ppt
   * Alun:: '''Use Cases and Requirements issues discussed, such as collaboration or competition in the future grid???''' Interesting findings include: 1. User Fear (Whilst it is considered poor practise to build systems which the developers think are suitable for users without determining the needs, we have experienced a sense of either fear or "I don’t want to be the first" in providing information.) 2. Difficulty in expressing scientific process. (In all but 1 case, the process resulted in the requirements capture resources writing the scenarios for the user. Often these did not result in scenarios as expected but a transcript of domain understanding. e.g. Code developed by Alan Garny in Physiology.); 3. Collaboration or competition? (Our vision of researchers working collaboratively differs hugely from the collaborative work which exists globally at present. There are social as well as technical barriers to overcome. Clearly security of data and models will be a key aspect of building a system which is trusted by the user community); 4. Users think they have no assets (Security analysis problematic as users do not identify anything they have as assets until you suggest removing them!)
  1. [[Anchor(GillespieEtAl)]]'''Web-services for the biology community: the BASIS project'''. Gillespie, Colin S. et al (authors from the School of Mathematics & Statistics, and the Henry Wellcome Laboratory for Biogerontology Research, School of Clinical and Medical Sciences-Gerontology, University of Newcastle). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/309.pdf
  1. [[Anchor(BirkinEtAl)]]'''MOSES: Modelling and Simulation for e-Social Science'''. Birkin, Mark et al, University of Leeds. UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/341.pdf
  1. [[Anchor(GeddesEtAl)]]'''NeuroGrid: Collaborative Neuroscience via Grid Computing'''. Geddes, John et al, (authors from Department of Psychiatry, University of Oxford; Oxford University Computing Laboratory; Institute of Neurology, University College London; Centre for Medical Image Computing, University College London; Imaging Sciences Department, Imperial College London; Department of Psychiatry, Edinburgh University; School of Informatics, University of Edinburgh; Division of Stroke Medicine, University of Nottingham; Addenbrookes Hospital, Cambridge). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/365.pdf
  1. [[Anchor(HobsonEtAl)]]'''GRIDCC - providing a real-time Grid for distributed instrumentation'''. Hobson, Peter R. et al, School of Engineering and Design, Brunel University. (Collaboration between Istituto Nazionale di Fisica Nucleare, Legnaro, Italy; Institute Of Accelerating Systems and Applications, Athens, Greece; Brunel University, Uxbridge; Consorzio Interuniversitario per Telecomunicazioni, Italy; Sincrotrone Trieste S.C.P.A., Trieste, Italy; IBM, Haifa, Israel; Imperial College London; Istituto di Metodologie per l’Analisi ambientale – Consiglio Nazionale delle Ricerche, Potenza, Italy; Universita degli Studi di Udine, Udine, Italy; Greek Research and Technology Network S.A., Athens, Greece). Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham http://www.allhands.org.uk/2005/proceedings/papers/502.pdf
  1. [[Anchor(GreenhalghEtAl)]]'''Integrating with the Access Grid: Experiences and Issues'''. Greenhalgh, Chris et al (authors from the School of Computer Science & IT, University of Nottingham; the Department of Computer Science, UCL; and the Department of Computer Science, University of Glasgow). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/312.pdf
  1. [[Anchor(BenfordEtAl)]]'''e-Science from the Antarctic to the GRID'''. Benford, Steve et al (XXXX delete from Neil Crout, John Crowe, Stefan Egglestone, Malcom Foster, Chris Greenhalgh, Alastair Hampshire, Barrie Hayes-Gill, Jan Humble, Alex Irune, Johanna Laybourn-Parry, Ben Palethorpe, Timothy Reid, Mark Sumner), Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK XXXX url
  1. [[Anchor(SteedEtAl)]] '''e-Science in the Streets: Urban Pollution Monitoring''' Steed, Anthony et al, Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK XXXX url
  1. [[Anchor(ArtsHumVRE)]] '''VREs in the arts and humanities''' Anderson, Sheila (Arts and Humanities Data Service); Dunn, Stuart (AHRC ICT in Arts and Humanities Research Programme); and Hughes, Lorna M. (AHRC ICT Methods Network). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/323.pdf
  1. [[Anchor(MacleodEtAl)]] '''ImpliedVolatilityGrid: Grid Based Integration to Provide On Demand Financial Risk Analyisis'''. Gordon Macleod, Paul Donachy, Terence J. Harmer, Ron H. Perrott (Belfast e-Science Centre, Queen’s University of Belfast); and Brian Conlon, Jonny Press, Felix Lungu (First Derivatives plc). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/542.pdf
  1. [[Anchor(AudenEtAl)]] '''eSDO: UK Access to the Solar Dynamics Observatory: Leveraging the UK Virtual Observatory for AIA and HMI Data and Algorithms'''. Elizabeth Auden et al (Authors from Mullard Space Science Laboratory, University College London; Physics Department, University of Birmingham; Rutherford Appleton Laboratory ;Department of Applied Mathematics, University of Sheffield). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/428.pdf
  1. [[Anchor(HarkemaEtAl)]] '''Information Extraction from Clinical Records'''. Henk Harkema et al (Dept of Computer Science, University of Sheffield)]. UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/477.pdf		  * [[Anchor(ManandharEtAl)]]'''GRID Authorization Framework for CCLRC Data Portal'''. Ananta Manandhar, Glen Drinkwater, Richard Tyer, Kerstin Kleese CCLRC Daresbury Laboratory. Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/118.pdf
 * For project notes about these see SecuritygridAuthorizationframework

 * [[Anchor(Beckles)]]'''Removing digital certificates from the end-user s experience of grid environments'''. Bruce Beckles University of Cambridge Computing Service. UK: Proceedings of the UK e-Science All Hands Meeting 2004. http://www.allhands.org.uk/2004/proceedings/papers/250.pdf

xxxx Note for Mark and Alun <:(

  • This page needs a final proof-read = MN?.
  • The references should be re-ordered in their sections so that the top priority refs are listed at the top of each section, AE and MN to identify the priority ones.
  • First attempt at grouping the references by subject, MN to suggest further sub-division by subject and/or better subjects!
  • Also still needs some URLs to be found by AE
  • Also need to add references for Usability conference, and University of Oxford ICT Strategy presentations and many many more = AE and MN.
  • AE will attend to this after Evaluation pages are signed off.

  • ONLY one action for Mark included for the final report – e.g. recording where n. MUST be in the report etc.

Citations for all the articles used:

Security – grid use-cases

xxxx action for final report then please delete this note:: this has the 2 routes, “must use in report”.  Large document with lots of use cases.  Use this to bolster our set of use cases.  ''N.B. Google for this as there may be different versions of this around the place.''

  • Anchor(ACES)Security Requirements of Advanced Collaborative Environments (ACEs) GFD-I.043. D. Agarwal (Lawrence Berkeley National Laboratory), B. Corrie (Simon Fraser University), J. Leigh (Univeristy of Illinois at Chicago), M. Lorch (Virginia Tech), J. Myers (Pacific Northwest National Laboratory), R. Olson (Argonne National Laboratory), M.E. Papka (Argonne National Laboratory), M. Thompson (Lawrence Berkeley National Laboratory). December 22 2004.

  • Advanced Collaborative Environments (ACE). Research Group at Global Grid Forum 5 July 22-24 2002. http://calder.ncsa.uiuc.edu/ACE-grid/2002-07-22_GGF5/docs.html

  • Anchor(AccessGrid) The Access Grid Project http://www.accessgrid.org/

  • Anchor(GrenhalghEquip)Equip: An Extensible Platform For Distributed Collaboration. Greenhalgh, Chris. Proceedings from Workshop on Advanced Collaborative Technologies (WACE) 2002, Edinburgh 

 '''xxxx find url'''

xxxx find url

xxxx find url

  • Anchor(SteedEtAl) e-Science in the Streets: Urban Pollution Monitoring Steed, Anthony et al. UK: Proceedings of UK e-Science All Hands Meeting 2003, 2-4th September, Nottingham, UK. 

xxxx find url

  • Anchor(ArtsHumVRE) VREs in the arts and humanities Anderson, Sheila (Arts and Humanities Data Service); Dunn, Stuart (AHRC ICT in Arts and Humanities Research Programme); and Hughes, Lorna M. (AHRC ICT Methods Network). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/323.pdf

  • Anchor(MacleodEtAl) ImpliedVolatilityGrid: Grid Based Integration to Provide On Demand Financial Risk Analyisis. Gordon Macleod, Paul Donachy, Terence J. Harmer, Ron H. Perrott (Belfast e-Science Centre, Queen’s University of Belfast); and Brian Conlon, Jonny Press, Felix Lungu (First Derivatives plc). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/542.pdf

  • Anchor(AudenEtAl) eSDO: UK Access to the Solar Dynamics Observatory: Leveraging the UK Virtual Observatory for AIA and HMI Data and Algorithms. Elizabeth Auden et al (Authors from Mullard Space Science Laboratory, University College London; Physics Department, University of Birmingham; Rutherford Appleton Laboratory ;Department of Applied Mathematics, University of Sheffield). UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/428.pdf

  • Anchor(HarkemaEtAl) Information Extraction from Clinical Records. Henk Harkema et al (Dept of Computer Science, University of Sheffield)]. UK: Proceedings of the UK e-Science All Hands Meeting 2005, 19th - 22nd September, Nottingham UK http://www.allhands.org.uk/2005/proceedings/papers/477.pdf

Security - definitions – e.g. what is a grid?

xxxx find url

Security – grids

xxxx find url