DRAFT GENI Recommended Use Policy

As some of you will remember, the OMIS meeting at GEC3 included a  
discussion of security issues for GENI operations.  One of the  
suggestions made there was to draft a GENI security policy.  (You can  
listen to the discussion, or read summary notes by following the links  
at http://groups.geni.net/geni/wiki/GeniOmis.)  I've posted a  
discussion draft of a GENI Recommended Use Policy at http://groups.geni.net/geni/wiki/RUP 
  as a first step.  I've tried to follow the main spirit of the  
discussion at GEC3, and include only those restrictions that seem  
absolutely necessary for GENI operations.  I'm sure opinions will  
differ on this, so please reply to the mailing list with comments.  
The OMIS group will also be discussing this document at our GEC4  
meeting.  The final policy will be used for Spiral 1.

For those of you who'd rather avoid the wiki, I've included the core  
text from the Recommended Use policy.  (Thanks to the PlanetLab  
Acceptable Use Policy authors, from whom I've borrowed much, as  
recommended by many at the OMIS meeting.

-Heidi

--------
2  GENI Use Overview
The suite of GENI facilities coordinated by the GENI Project Office  
(GPO) is meant to support network science and engineering experiments,  
and to provide a collaborative environment in which participants can  
evaluate prototypes and gain a better understanding of the behavior  
and utility of various design alternatives.  In addition to sponsored  
development projects, the GENI facilities suite may include resources  
contributed by research and commercial organizations and individuals.  
These resources are governed by their local policies, as well as by  
GENI guidelines.  GENI facilities should be used only for research and  
education purposes.   GENI does not allow illegal activities

3  Guidelines
All GENI use should be consistent with the goals expressed in the use  
overview.

All individuals contributing to the suite of GENI infrastructures  
should follow these guidelines. Individual sites that contribute GENI  
infrastructure may also have separate guidelines and Acceptable Use  
Policies (AUPs).  GENI participants should not knowingly violate local  
AUPs.

Many GENI resources are hosted and donated by organizations interested  
in the GENI project, and GENI work should not adversely affect those  
organizations.  GENI participants should adhere to widely-accepted  
standards of network etiquette.  Software and hardware should be  
debugged in a controlled environment prior to moving to GENI  
infrastructures, so that system behaviors are well understood before  
they become part of shared infrastructures.  Participants should  
ensure their work does not disrupt other infrastructure, (for example  
by using more than their share of bandwidth or performing systematic  
port scans on local machines).  If such an event is reported, the  
participant will be expected to investigate and address the issue if  
it appears to be related to their work.  The GPO will provide guidance  
if requested for participants who are unsure whether their work might  
adversely affect local infrastructures.

  GENI participants are responsible for ensuring that their  
experiments, prototypes, or contributed infrastructure cannot be  
hijacked and used to attack or spam other infrastructure or users.  If  
such an event occurs despite the participants’ best efforts, they are  
expected to investigate and remediate resultant problems.  Although  
the GPO-sponsored GENI operations mailing list may receive initial  
complaints about misbehaving services or systems, staff from the  
operations list will put complainants in direct contact with the  
researcher or development project lead responsible for reported  
problems, and follow the response emails.

GENI resources are accessible to various opt-in users, who may not be  
officially registered with GENI clearinghouses.  Researchers who  
sponsor services that include these users are responsible for ensuring  
that their users do not violate the GENI infrastructure recommended  
use policy.

GENI offers no privacy guarantees on data sent to and from the GPO-
coordinated GENI suite of infrastructure. GENI participants should  
assume data will be monitored and logged, for example to investigate  
abuse.  GENI also offers no reliability guarantees.  Systems and  
services may be rebooted, briefly taken off-line, and reinstalled  
without prior warning

4 Consequences
This is a collaborative infrastructure, and the nature of some  
violations may require immediate action to protect the rest of the  
community (for example responding to a denial-of-service attack).  
Staff on the GPO-sponsored GENI operations mailing list will strive to  
contact all parties involved in a suspected or reported violation, and  
to discuss options with those parties before taking action to address  
the violation.  Staff will take action before reaching all parties if  
necessary.  Local providers or project participants may act  
independently if they perceive an immediate threat, although GENI  
encourages coordination with the GENI operations mailing list.

Violation of this Recommended Use Policy may result in any of the  
following:
     * disabling experiments, systems, or users access to GPO-
coordinated GENI infrastructure
     * removing sites or resources from the GPO-coordinated GENI  
infrastructure
     * Informing the participant’s administrative organization of the  
violation
     * Informing the GENI community, including the National Science  
Foundation, of the violation

To report a suspected violation of this policy, contact the GENI  
operations mailing list (geni-ops@...).

 
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg