Updated mandate for the Joint Security Policy Group (JSPG) ---------------------------------------------------------- V3 29 May 2008 JSPG is jointly owned by and makes recommendations to both WLCG and EGEE, its primary stakeholders. Policy prepared for WLCG is designed to be applied to all of its Grid infrastructures in so far as this relates to WLCG activities. In addition to EGEE, this means subsets of OSG, NDGF and other national Grids and/or individual Grid sites which participate in the WLCG collaboration. The most important JSPG activity is that it prepares and maintains security policies for its primary stakeholders. It is also able to provide policy advice on any security matter. The topics and issues can be specified either by the stakeholders or by JSPG itself. Priority will be given to issues relevant to the primary stakeholders. JSPG may create special focussed sub-groups to tackle specific issues. JSPG should, wherever possible, aim to prepare simple and general policies which are not only applicable to the primary stakeholders but that are also of use to other Grid infrastructures (NGI's etc). The adoption of common policies by multiple Grids can ease the problems of interoperability. JSPG deliberations happen by face to face meetings, phone/video conferences or by the JSPG mailing list. The membership of JSPG and its mailing list is determined by the chair of JSPG in consultation with the management of the primary stakeholders. JSPG should aim to have sufficient membership to include site security officers, site system administrators, Grid operational experts, middleware experts and members from the larger VOs. Members from other Grids are particularly welcome and are encouraged to request to join. JSPG does not formally approve or adopt policies or advice. This is the responsibility of the stakeholder management bodies. The members of JSPG are treated as individual experts who do not formally represent any constituency. Individual members of JSPG agreeing to proposed policy does not imply automatic approval by their own Grid or organisation.