Talk:Grid Acceptable Use Policy

From JSPGwiki

Table of contents

1 DEISA AUP 1.1 Grid Acceptable Use Policy 2 OGF GIN AUP 3 EELA AUP 3.1 EELA RESOURCES ACCEPTABLE USE POLICY 4 Jan 23 2009 JSPG Meeting Notes 5 SURAgrid AUP 6 Discussion on Grid AUP V4.0 dated 17 Sep 2009 7 JSPG discussions and decisions on the Grid AUP during its meeting on 7/8 Dec 2009 8 Comments received on V4.1 since 12 Jan 2010

DEISA AUP

The following document describes the Acceptable Use Policy (AUP) which a user of the DEISA infrastructure is deemed to accept. This is in addition to the policies you have to accept of the DEISA site which registers you as DEISA user. The registration procedure of the site will contain the details.

V1.0 8 May 2007 Johannes Reetz, Andreas Schott, Jules Wolfrat. Builds on JSPG AUP v3.1. item 5 changed and new item 8 added.

V2.0 11 June 2007 Jules Wolfrat. Inserted item 8. Previous item 8 has become 9.

Grid Acceptable Use Policy

By registering with the Virtual Organization (the "VO” - footnote 1) as a GRID user you shall be deemed to accept these conditions of use:

1. You shall only use the GRID to perform work, or transmit or store data consistent with the stated goals and policies of the VO of which you are a member and in compliance with these conditions of use.

2. You shall not use the GRID for any unlawful purpose and not (attempt to) breach or circumvent any GRID administrative or security controls. You shall respect copyright and confidentiality agreements and protect your GRID credentials (e.g. private keys, passwords), sensitive data and files.

3. You shall immediately report any known or suspected security breach or misuse of the GRID or GRID credentials to the incident reporting locations specified by the VO and to the relevant credential issuing authorities.

4. Use of the GRID is at your own risk. There is no guarantee that the GRID will be available at any time or that it will suit any purpose.

5. Logged information, including information provided by you for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed, via secured mechanisms, only for the same purposes and only as far as necessary to other organizations cooperating with DEISA. Although efforts are made to maintain confidentiality, no guarantees are given.

6. The Resource Providers, the VOs and the GRID operators are entitled to regulate and terminate access for administrative, operational and security purposes and you shall immediately comply with their instructions.

7. You are liable for the consequences of any violation by you of these conditions of use.

8. You must notify your VO administrator about any changes in your contact information.

9. In case that some or parts of these conditions are invalid or impracticable or if they become invalid or impracticable after the contract is signed, the remainder of the conditions is not affected. Only affected conditions may be substituted by conditions which are most close to the intended ones. This includes also incomplete conditions.

Footnote 1: the Virtual Organization is defined as the DEISA partner that registers you as a DEISA user.

--David kelsey 21:06, 22 Jan 2009 (GMT)

OGF GIN AUP

This Acceptable Use Policy (AUP) applies to all members of the GIN Virtual Organization, hereafter referred to as the VO, and covers all usage under the auspices of the VO of the resources provided to it. These resources are hereafter referred to collectively as the GRID. The chairs of the GIN Community Group (GIN-CG) of the Open Grid Forum own and give authority to this policy. The goal of the VO is to conduct interoperation efforts among production Grid projects in fulfilment of the GIN-CG charter (http://forge.ogf.org/sf/projects/gin).

The major Grid projects and others who are providing resources to the VO, hereafter referred to as the Resource Providers, do so under various legal and policy constraints that may be peculiar to their organizational, regional, national or Grid affiliations. This AUP implies no waiver of any other policies or conditions that the Resource Providers may impose on the use of their resources. Members of the VO must respect all other applicable policies and if they become aware that through their use of the GRID they are contravening any such policy they must immediately correct their activities to prevent further contravention.

The Resource Providers have agreed to donate resources to the VO on the understanding that the resources will be used for testing, monitoring and proof-of-concept experiments involving trial applications. Larger scale usage, such as might warrant the description production work, does not constitute reasonable use and MUST be cleared with the Resource Providers concerned through their normal channels.

Members and Managers of the VO agree to be bound by this Acceptable Use Policy and any other applicable policies of the VO or the Resource Providers, and to use the GRID only in the furtherance of the stated goals of the VO.

By registering with the VO as a GRID user you shall be deemed to accept these conditions of use:

1. You shall only use the GRID to perform work, or transmit or store data consistent with the stated goals and policies of the VO and in compliance with these conditions of use.

2. You shall not use the GRID for any unlawful purpose. You shall not attempt to breach or circumvent any GRID administrative or security controls. You shall respect copyright and confidentiality agreements and protect your GRID credentials (e.g. private keys, passwords), sensitive data and files.

3. You shall immediately report any known or suspected security breach or misuse of the GRID or GRID credentials to the incident reporting locations specified by the VO and to the relevant credential issuing authorities.

4. Use of the GRID is at your own risk. There is no guarantee that the GRID will be available at any time or that it will suit any purpose.

5. Logged information, including information provided by you for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed to other organizations anywhere in the world for these purposes. Although efforts are made to maintain confidentiality, no guarantees are given.

6. The Resource Providers, the VO and the GRID operators are entitled to regulate and terminate access for administrative, operational and security purposes and you shall immediately comply with their instructions.

7. You are liable for the consequences of any violation by you of these conditions of use.

--David kelsey 21:14, 22 Jan 2009 (GMT)

EELA AUP

From EELA-D1.3-v1.6.doc (11/5/2006)

The objective of this deliverable is to provide an Acceptable Use Policy (AUP) that is agreed upon for use within the EELA infrastructure. The EELA AUP will serve to help users to understand the code of conduct and the consequences of violating it. Establishing an AUP for EELA will formalize responsibilities of users while attempting to balance project risks and user flexibility.

In order to avoid possible conflicts between EGEE and EELA policies, which could jeopardize Grid interoperability, this work follows as much as possible pre-existing polices.

EELA RESOURCES ACCEPTABLE USE POLICY

1. The user shall only use the EELA Resources to perform work, process, transmit or store data in accordance with the stated goals and policies of the EELA supported VO of which he/she is a member and in accordance with the specific TEB approbation.

2. The user shall respect the EELA Consortium Agreement, copyright and confidentiality agreements and protect user’s credentials (e.g., private keys, passwords, etc.), sensitive data, and files.

3. The user is required to be aware that the use of the EELA Resources is at his/her own risk. There is no guarantee that the EELA Resources will be available at any time or that it will suit any purpose.

4. Logged information, including information provided by the user for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed, in accordance with current laws of the country hosting it, to other organizations anywhere in the world only for these purposes. Although efforts are made to maintain confidentiality, no guarantees are given.

5. Both EELA Resource Providers and EELA supported VOs operators are entitled to regulate and terminate access for administrative, operational and security purposes and the user shall immediately comply with their instructions.

6. The user shall not use the EELA Resources for any unlawful purpose.

7. The user shall immediately report any known or suspected security breach or misuse of the EELA Resources or credentials to the incident reporting locations specified by the VO and to the relevant credential issuing authorities.

8. The user must select safe passwords and pass phrases, endeavour to keep them and the credentials secret, and under no circumstances reveal them to third parties.

9. The user shall not attempt to breach or circumvent any EELA Resources administrative or security controls to obtain unauthorized access to EELA Resources, any EELA Partner’s resource or any other systems.

10. The user shall not attempt to damage or alter without proper authorization either EELA Resources or any other EELA Partner’s systems.

The user is liable for the consequences of any violation by him/her of the conditions of use stated above.

--David kelsey 21:32, 22 Jan 2009 (GMT)

Jan 23 2009 JSPG Meeting Notes

Review of changes that others have made to the policy (see above):

• DEISA: Changes to #5 look good. #8 looks like a reasonable addition. #9 is project-specific legalese that we think we don't need -- we don't see the AUP as a contract that requires language like this.
• GIN AUP: No changes?
• EELA: Added "in accordance with current laws" to disclosure clause. Re-ordered and re-worded the clauses.
• Australia Grid: Added "You also must register with all the sites."

Other AUPs:

• TeraGrid User Responsibility Form (http://www.teragrid.org/userinfo/access/user_responsibility.html): Much longer than the JSPG AUP.

There's a BalticGrid paper (http://www.balticgrid.org/Deliverables/pdfs/BGII-DSA2-2-v1.7-IMCSUL-GridAcceptableUsePolicy.pdf) that analyzes all the AUPs.

Should the AUP say you are bound by the AUPs of the sites?

How can we expect a grid user to see all of these?

VO is taking some responsibility, so this is covered by VO relationships with sites.

What are we trying to achieve by the AUP?

A minimal AUP that can be agreed by everybody (across grids) to allow jobs to run and data to be stored at sites.

Short enough to pop up on the screen.

Not intended to replace site policies.

The only policy that a grid user would see/sign to submit jobs to a grid. Want to avoid users having to sign AUPs for each grid/site.

Question to TeraGrid (Jim to convey): Are there small tweaks to the JSPG policy that could satisfy TeraGrid?

--Jim Basney 23 Jan 2009

SURAgrid AUP

http://sura.org/programs/sura_grid_aup.html

Discussion on Grid AUP V4.0 dated 17 Sep 2009

--David kelsey 15:22, 6 Dec 2009 (GMT)

Option 1 of bullet 1 is: "You shall only use the Grid to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use applicable to the body that has granted you access".

This has the advantage of being similar to the previous version "You shall only use the GRID to perform work, or transmit or store data consistent with the stated goals and policies of the VO of which you are a member and in compliance with these conditions of use."

We changed it to remove the need to be a member of a VO as some (HPC) Grids don't have VOs. We also removed the phrase about compliance with these conditions as that is already stated in the introduction.

Option 2 of bullet 1 is: "You shall only use the Grid as authorised by the body that has granted you access."

The advantage of this is that the sentence is short and simple.

I am concerned, however, that "as authorised by" does not necessarily mean the same as "consistent with the stated goals, policies and conditions of use applicable ...". Our model in the EGEE VO world is that the VO writes an AUP stating the aims and goals of the VO. The Grid can assess this VO AUP during the VO acceptance/registration process. Sites can use this to decide whether to support the VO. "As authorised by the VO" may suggest a more dynamic approval process between the user and the VO, and not involving the Grid or the Site in any way.

I prefer the longer option 1. What do others think?

Romain Wartel replied: I fully support you there. It would be very hard to make a practical use of option 2.

Jules Wolfrat (DEISA) replied: I also prefer option 1 for now.

However it must be clear that in the text below the "body" may be something different than the organization that registers you as a user: "consistent with the stated goals, policies and conditions of use applicable to the body that has granted you access"

In the HPC (DEISA) case the body that gives you access is some peer review committee, or at least they provide the input. Also it must be realized that this body grants access for specific goals of the user, not of the body. This may be ambiguous (this is the difference with a VO, which has the same goals as the user). So this may need some more thinking, I don't have the answer now.

There is of course a clear analogy between a VO doing the registration of users and an HPC center doing it. In both cases it is in the first place a "contract" between the registration body and the user, which also for HPC centers can differ between each other, e.g. fulfilling national legislation requirements and other local rules. The important thing is that some organization is responsible for the registration of the user and which is trusted by the infrastructure.

Mine Altunay replied: I also prefer option 1.

I think the revised policies are a vast improvement over the old ones. They are much shorter, easier to understand and concise. thank you Dave!

On the AUP: the last bullet point says You are liable for the consequences of any violation by you of these conditions of use.

If I was given this policy as a grid user, I would be worried about the liability notice. am i legally liable? will you turn me into the police if I lose my private key? am I responsible for my graduate students? my laboratory does not allow me to sign anything legal without their consent.

An easier solution may be to change the wording. list whatever the consequences we can apply. I think the only punishment we can give is to kick a member out. Why not just say this so people would not get scared.

JSPG discussions and decisions on the Grid AUP during its meeting on 7/8 Dec 2009

--David kelsey 16:04, 12 Jan 2010 (GMT)

These are extracted from the minutes of the meeting (slightly modified):

1. Legal advice has always been to make the Users liable. The policies limits that to the employing organisation or to the police.
2. "You need to comply with the policy of all sites you will touch", but that in practice is unenforceable (and incomprehensible for the user).
3. The aims of the VO already defines this. And when the VO registers with the Infrastructure this ought to be checked? Would that be sufficient?
4. What could come out are transition principles, and the JSPG could come up with a discussion document describing the move to formalize the links to the employer and the legal site, and review of the VO and a range of issues and not necessarily push these into policies now but feed into the discussions in 6 months time, and see how the community will evolve. I.e. be more proactive with respect to new requests from .fr/.de
5. The main point behind the VO AUP was to enable sites to make a useful decision on acceptance. At least sites ought to make the decision consciously.
6. Clarify that Sites needs to actually look and check if they want to enable a VO?
7. Bullet 3 "no unlawful purpose": is should be legal in all countries, and its the user's responsibility to comply
8. An interesting realistic example would be a stem-cell research VO. A site in a jurisdiction where stem-cell research is forbidden has its own responsibility to not enable this VO, and should be held liable if it were to enable it. The user should not be held liable. The description of the VO should then also make that clear (i.e., not just 'biomed').
9. For the network, typically: 'if you are informed you're doing something wrong, you should stop'.
10. Between the two options for bullet 1, generally the first, longer, option is preferred.
11. 'The Body that granted you access' is what used to be the VO.
12. Is it the VO, or is it the Grid? For EGEE, this is the VO, but in DEISA it is a site, since the 'body that grants you access' is a scientific peer-review group, but these allocations committees don't do user registration. Aim: "only do work that is allowed". If, in DEISA, a site is granting you access, the site that grants you access does not have a specific goal. The goals derive from the project. A new user account does not mean a new contract is signed. It's up to the PI to add users (although there is also a list associates with the proposal). If a user registers at the site, and on log-on, you get notified to only use if for the intended purposes goal.
13. Agreed solution: make it plural: '... the body or bodies that granted you access.'
14. It should even be correct as it stand now, since the allocations committee grants you access and defined the goals, except that the user usually does not sign a contract with the allocations committee. The Dutch NWO sentence "The user will only use the system for the execution of the proposal, for which access has been granted". Or: "... goals, policies, and conditions of use for which your access to the grid has been granted"? It should be clear that there is someone else that defined what is acceptable work, and the user has to be aware of these conditions and goals.
15. Bullet 1 will now likely work for DEISA.
16. Is there the reciprocal 'acceptable provisioning' policy, that limits what a site can do against user data and processes? The GSOP(https://edms.cern.ch/document/819783/) has some of these elements.
17. What is the back-porting effect for, e.g., GILDA? There should also be clear interactions between the Grid and the VOs (and GILDA), so that the Grid limits what the VO allows its users to doToday, is may well be that GILDA allows its users to do anything, under the mantle of training. Then this AUP will not help to bind the users.
18. Liability: yes, in the end abuse may be reported to the police and the case then may end up in court.
19. Does the sentence in bullet 2 ever have any influence on whether or not the User gets persecuted. People may have a misconception that they either can hide or rely on diplomatic immunity. In practice, this just does not work.
20. You'll get prosecuted for breaking the law wherever that occurs, even in presence of multiple jurisdictions (the lowest common denominator is the safe default)
21. Based on #2, at least we can at least ban you from the Grid, irrespective of any judicial action.
22. Even if there is no JSPG policy, the law still applies ...
23. The meaning behind the lines is not obviously clear to new users
24. Could have one more iteration (clarification?) during the last F2F meeting of the JSPG in the EGEE-III era
    1. Accept only users from institutes that have contracts that include disciplinary measures?
25. Sanctions are clear from the top-level policy, referral to there from the last bullet, by adding: "... Possible sanctions may be defined by ... ?"
    1. The Grid (management)
    2. Resource Providers
    3. Your Home Institute (take into account employment constructions &c)
    4. Employer
26. Document was not edited to cover this, since the sentence was becoming too long.
27. Should information on sanctions actually be provided here? Keep for a next meeting, and go back to Mine for a next version.

Comments received on V4.1 since 12 Jan 2010

Stefan Lueders/Romain Wartel:

• The terms "Registrar", "access granting bodies", etc. all referring to actors, should be defined in our glossary
• The term "unlawful" might be inappropriate since we don't know which laws we are talking about (which countries, etc.). Suggest "illegitimate" as a replacement. The last point of the document refers to "liable", which seems however OK.

Answer from Dave Kelsey:

• Fully agree with the first point.
• There was quite some discussion on the second point during the December meeting. Clearly you were not there and maybe Stefan was not at that time either. Our conclusion at the end was that "unlawful" was OK for now. We know this will all have to change in EGI world when we tackle the responsibility of individuals and employers more carefully.