Talk:Site Registration Security Policy

From JSPGwiki

Discussion.

Discussion on V3.0 dated 17 Sep 2009

Mine Altunay commented:

On the site registration: I think this is a great policy. A vast improvement over the old one. It says: If a Site wishes to leave the Grid or the Grid decides to remove the Site, the registration information must be kept by the Grid for a minimum period consistent with the Traceability and Logging Policy (https://edms.cern.ch/document/428037/). Personal registration information must not be retained for longer than one year.

I re-read the traceability policy and could not find anything about retaining registration data. Although it does tell service logging data must be kept at the site for 90-days. But this is very different from keeping site registration data centrally in a Grid.

Answer from JSPG meeting 7 Dec 2009 (extracted from the minutes and slightly modified):

Actually, this was taken out of the traceability policy recently, when the traceability policy was re-written, and the period was an operational detail, not a policy. The VO Registration Security Policy document also refers to the traceability and logging policy in this manner. So, either we must add specifics in each document or add a statement to the traceability policy. Current working, it is 'consistent' with the Traceability and Logging policy, in the sense that it matches the needs expressed there for incident response, i.e., the 90 days. And during that period you need to have the site contact information (or the VO and user information, for that matter). So JSPG agreed to change it to read: '... must be kept by the Grid for at least the same period defined in the Traceability and Logging Policy'.