Worker Node security discussion - Pre-GDB day

513-1-24 (CERN)



  • Adrian Casajus
  • Antonio Perez Perez
  • Claudio Grandi
  • David Crooks
  • David Kelsey
  • Davide Salomoni
  • Gonzalo Merino
  • Jeff Templon
  • Joel Closier
  • John Gordon
  • John White
  • Maarten Litmaath
  • Michel Jouvin
  • Romain Wartel
  • Tony Cass
  • Ulrich Schwickerath
  • Vincenzo Ciaschini
  • Yannick Patois
    • 09:30 09:45

      Wireless, emails, welcome.

    • 09:45 10:30
      Security controls - blocking/banning/revocation

      Assuming that gLexec (or similar) is deployed, this session is discussing the implementation of security controls (e.g. blocking/banning end users, credential revocation) and who should operate them.

    • 10:30 10:50
      Ownership of the traceability information

      Is it acceptable to split the traceability information
      among different participants (VOs and sites)?

    • 10:50 11:10
      Coffee break 20m
    • 11:10 11:45
      Implications and benefits of virtualization on the WN

      This session is not addressing the trivial case where the site is running virtualised WN. It is addressing scenarios where VOs run or provide their own images.

    • 11:45 12:20
      Using external/private clouds

      This topic has been highlighted in the WLCG Risk Assessment, and recommendations there would be needed.

    • 14:00 14:45
      How can we improve the security of the WN today?

      How can we improve the security of the WN today? In particular with regards to the use and transport of credentials on the WN, including delegation, propagation, controls, revocation, renewal and traceability

    • 14:45 15:30
      The longer term future of the security model of the WN

      (including the network/firewall requirements)

    • 15:30 15:50
      Summary of the discussions