Conveners
Network, Security, Infrastructure & Operations
- David Groep (Nikhef and Maastricht University)
- Joy Chan (TWNIC)
- Tomoaki Nakamura (KEK)
The mission of the “WISE” community is to enhance best practice in information security for IT infrastructures for research. WISE fosters a collaborative community of security experts and builds trust between those IT infrastructures. Through membership of working groups and attendance at workshops these experts participate in the joint development of policy frameworks, guidelines, and...
Security operations center (SOC) frameworks standardize how SOCs approach their defense strategies. They help manage and minimize cybersecurity risks and continuously improve operations. However, most current SOC frameworks are designed in a centralized mode that serves a single organization. These frameworks can hardly satisfy the security operations scenarios that must...
We must protect and defend our environment against the cybersecurity threats to the research and education community, which are now acute having grown in recent years. In the face of determined and well-resourced attackers, we must actively collaborate in this effort across HEP and more broadly across Research and Academia (R&E).
Parallel efforts are necessary to appropriately respond to...
Enabling Communities - Building trust for research and collaboration
When exploring the world of Federated Identity, research communities can reap considerable benefit from using common best practices and adopting interoperable ways of working. EnCo, the Enabling Communities task of the GÉANT 4-3 and GÉANT 5-1 Trust and Identity Work Package, provides the link between those seeking to...
GakuNin, an identity and access management federation in Japan, has provided a stable trust framework to academia in Japan so far. For common services that all constituent members of a university or institution use, such as e-journal services, the framework has worked well. There are many research communities: data science, material science, high energy physics, and research project using high...
This presentation reports on a series of exercises that checked the steps of the vetting process to gain VO membership for Check-in users. EGI Check-in accepts a range of identity providers on different trust levels, ranging from social media accounts where the identity provider can only guarantee that someone was in control of a mobile phone number or an email address.
OIDC (OpenID Connect) is widely used for transforming our digital infrastructures (e-Infrastructures, HPC, Storage, Cloud, ...) into the token-based world.
OIDC is an authentication protocol that allows users to be authenticated with an external, trusted identity provider. Although typically meant for web-based applications, there is an increasing need for integrating shell-based...
The Square Kilometre Array (SKA) telescope’s computing platform is being developed through an agile process, with teams from across the SKA Regional Centres (SRCs) developing the SRCNetwork (SRCNet) infrastructure the SKA will need.
One such area of development is the SRCNet’s Authentication and Authorisation Infrastructure (AAI), which is currently led by an agile team, Purple Team, with...
The Institute of High Energy Physics of the Chinese Academy of Sciences is a comprehensive research base in China engaged in high-energy physical research, advanced accelerator physics and technology research, development and utilization, and advanced ray technology and application.
The single sign-on (SSO) system of the High Energy Institute has more than 22,000 users, the calculation...
The Worldwide Large Hadron Collider Computing Grid (WLCG) actively pursues the migration from the protocol IPv4 to IPv6. For this purpose, the HEPiX-IPv6 working group was founded during the fall HEPiX Conference in 2010. One of the first goals was to categorize the applications running in the WLCG into different groups: the first group was easy to define, because it comprised of all...
The transition of WLCG storage services to dual-stack IPv4/IPv6 is nearing completion after more than 5 years, thus enabling the use of IPv6-only CPU resources as agreed by the WLCG Management Board and presented by us at earlier ISGC conferences. Much of the data is transferred by the LHC experiments over IPv6. All Tier-1 storage and over 90% of Tier-2 storage is now IPv6-enabled, yet we...
As network techniques continue to flourish, current network attacks against large-scale scientific facilities and science data centers show a more sophisticated trend. In order to evade traditional security detection systems, attackers adopt more stealthy attack methods. The Domain Name System (DNS) protocol is one of the basic protocols used in the network environment of large-scale...
Over the past year, the soaring cost of electricity in many parts of the world has brought the power-requirements of computing infrastructure sharply into focus, building on the existing environmental concerns around the issue of global warming. We report here on the investigations, and subsequent actions, in the UK to respond to this pressure. The issues we address are both the overall...
The Italian WLCG Tier-1 located in Bologna and managed by INFN, provides computing resources to several research communities in the fields of High-Energy Physics, Astroparticle Physics, Gravitational Waves, Nuclear Physics and others. The facility is hosted at CNAF. Although the LHC experiments at CERN represent the main users of the Tier-1 resources, an increasing number of communities and...
Use of ‘anycasting’ internet addresses (‘IP anycast’) in load balancing and high availability, and for traffic engineering reasons, is a widely deployed technique for content delivery networks to lower latency for access to frequently accessed content such as web pages and video. Using the properties of the Border Gateway Protocol (BGP) as a variable-length path-vector protocol for routing...