[gin-auth] GIN VO Usage Rules.

Stephen M Pickles Stephen.Pickles at manchester.ac.uk
Wed Aug 16 12:04:09 CDT 2006 

I hope some of you remember this thread. It's become
something of a loose end, and needs tying off.

I think that the text provided by Dave Kelsey is a good
starting point, and I'm willing to draft an adaptation of
this for an AUP for the GIN VO.

What I'm not sure about is whether there's any point
in trying to preserve EGEE's separation between a "Grid AUP"
and a "VO AUP". For example, I can't see that an existing
grid (like NGS) is likely to throw away its own AUP and adopt
a GIN AUP instead. I also think it awkward to have two AUPs
that reference each other.

So, will not a single document (i.e. an AUP for the GIN VO)
do for GIN?

I propose to:

1) draft a single-document AUP for GIN, merging text from
   Dave Kelsey's Grid AUP (more or less verbatim)
   and VO AUP (adapted for GIN and its goals)
2) add some words that amount to a "when in Rome clause"
   (to remind users that many of the grids involved in GIN
   have their own AUPs, which should be respected)
3) add some words that amount to a reminder that a user's access
   rights under the GIN VO are for testing, monitoring,
   proof-of-concept, not large scale production work
   (users planning large scale production work should
   make independent applications to the grid(s) they
   intend to use).
4) I think there's a problem with clause (1) of the
   Grid AUP for people who are members of multiple VOs.
   I'll try to fix that in the process. 

Any comments or objections?

Stephen


 
> -----Original Message-----
> From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org] 
> On Behalf Of Kelsey, DP (David)
> Sent: 04 May 2006 20:12
> To: gin-auth at ggf.org
> Subject: RE: [gin-auth] GIN VO Usage Rules.
> 
> Dear all,
> 
> I have only just joined the gin-auth list. I have been 
> meaning to do so
> for some time, but only got around to it when Oscar Koeroo 
> told me about
> this recent thread on AUPs etc.
> 
> I would like to tell you what we have been doing on this 
> topic in EGEE,
> Open Science Grid and various other related EU Grid projects, in the
> hope that it may be useful to GIN. If it does not work for 
> GIN it would
> also be good to understand why, in case we can improve things.
> 
> As Stephen Pickles already said, EGEE does have VO-specific 
> AUP's and we
> do have a general Grid AUP which uses the term "Grid". But different
> from what he said, we used this term deliberately not only to mean
> "EGEE" but also to mean any other Grid which decides to adopt the same
> policy, for example Open Science Grid in the USA. The policy was
> developed jointly with them and actually built on early work they had
> done to prepare a short, simple AUP. The aim was to produce a simple
> common policy to promote interoperation.
> 
> The background to this work was as follows:
> 
> 1. We needed to develop policies which would work for VO's using
> multiple Grids. Users needed to register just once with their VO which
> would then grant them access to resources on multiple Grids. We do NOT
> require the users to register with the sites or the Grid
> infrastructures.
> 2. We very quickly came to the conclusion that there was absolutely no
> way we could take the existing network and site AUPs and merge them
> altogether into one long document that would be a super-set of the
> others. With more than 200 sites in 40 countries this is a 
> non starter.
> 3. The legal experts we consulted seemed to agree that use of the Grid
> (being after all just another internet application) was 
> already covered
> by all of the network and site AUPs whether we mentioned them 
> or not, so
> suggested we did not mention them explicitly.
> 4. We wanted a policy which was deliberately as short as possible to
> stand some chance of acceptance by other Grids and in the 
> hope the users
> would read and understand.
> 5. We concluded that it was best to have a general Grid AUP 
> accepted by
> *ALL* Grid users during their registration with a VO and that any
> VO-specific details were best expressed in a VO AUP. Sites could then
> decide whether or not to offer resources to a particular VO based on
> their policy, safe in the knowledge that the user has already accepted
> the general AUP.
> 
> So... here is our "Grid AUP" (short enough to include verbatim)...
> 
> ------------------------------------------
> 
> By registering with the Virtual Organization (the "VO") as a GRID user
> you shall be deemed to accept these conditions of use:
> 
> 1. You shall only use the GRID to perform work, or transmit or store
> data consistent with the stated goals and policies of the VO of which
> you are a member and in compliance with these conditions of use. 
> 
> 2. You shall not use the GRID for any unlawful purpose and 
> not (attempt
> to) breach or circumvent any GRID administrative or security controls.
> You shall respect copyright and confidentiality agreements and protect
> your GRID credentials (e.g. private keys, passwords), 
> sensitive data and
> files. 
> 
> 3. You shall immediately report any known or suspected security breach
> or misuse of the GRID or GRID credentials to the incident reporting
> locations specified by the VO and to the relevant credential issuing
> authorities.
> 
> 4. Use of the GRID is at your own risk. There is no guarantee that the
> GRID will be available at any time or that it will suit any purpose.
> 
> 5. Logged information, including information provided by you for
> registration purposes, shall be used for administrative, operational,
> accounting, monitoring and security purposes only. This 
> information may
> be disclosed to other organizations anywhere in the world for these
> purposes. Although efforts are made to maintain confidentiality, no
> guarantees are given. 
> 
> 6. The Resource Providers, the VOs and the GRID operators are entitled
> to regulate and terminate access for administrative, operational and
> security purposes and you shall immediately comply with their
> instructions. 
> 
> 7. You are liable for the consequences of any violation by 
> you of these
> conditions of use.
> 
> ------------------------------------------------------------
> 
> And here is an example VO AUP ... again rather short as you can
> see.......
> At the very least it needs to define the goals of the VO such that the
> individual users are constrained by point 1 of the general AUP to only
> perform work consistent with these goals.
> 
> ------------------------------------------------------------
> 
> This Acceptable Use Policy applies to all members of the 
> Geant4 Virtual
> Organization, hereafter referred to as the VO, with reference 
> to use of
> the LCG/EGEE Grid infrastructure, hereafter referred to as 
> the Grid. The
> Geant4-Spokesman, <name-removed> (CERN), owns and gives authority to
> this policy. The goal of the VO is to validate the software 
> they provide
> to their users (HEP experiments such as ATLAS, CMS, LHCb, Babar,
> Astrophysics applications, biomedical communities, etc) twice per year
> within the Grid environment. This procedure should cover a 
> wide range of
> parameters and physical models which are high CPU demanding. 
> At the same
> time they are planning to use regularly the LCG/EGEE resources to make
> analysis and studies of their toolkit. Members and Managers of the VO
> agree to be bound by the Grid Acceptable Use Policy, VO 
> Security Policy
> and other relevant Grid Policies, and to use the Grid only in the
> furtherance of the stated of the VO.
> 
> ------------------------------------------------------------
> 
> I hope you might find this useful.
> 
> Regards
> Dave Kelsey
> 
> 
> ------------------------------------------------
> Dr David Kelsey
> Particle Physics Department
> Rutherford Appleton Laboratory
> Chilton, DIDCOT, OX11 0QX, UK
> 
> e-mail: D.P.Kelsey at rl.ac.uk
> Tel: [+44](0)1235 445746 (direct)
> Fax: [+44](0)1235 446733
> ------------------------------------------------
> 
> 
> 
>

More information about the gin-auth mailing list