...

I propose a mean of no combined score (Adam Slagell).

DaveK - I agree.

Standardize Language

The spreadsheet and SCIv1 document have ambiguities. For example, one refers to service providers and another to service operators.

DaveK - yes - we need to check the whole document for this

Base-level Examples

There are always questions of scope and completeness in filling out this evaluation form. While no implementation or documentation is ever exhaustive or covers every corner case, if there are significant holes then noting the scope that is covered is useful. For example, there may be centrally managed services for an infrastructure, while there is shared infrastructure at the resource providers that follows different policies. Or there may be different policies for different tiers of infrastructure worth noting.

...

Access control example Dave?

DaveK - from minutes of the 1/6 meeting - "Access control" for files relates to role-based authZ to read/write/delete/control files. For XSEDE, Adam comments that their most important example of central access control is for accounting.

Confidentiality example Dave?

DaveK - No access unless authorised. Hide the existence of jobs and their details

Integrity example Dave?

Examples of compliance mechanisms are top-level security policies, resource provider agreements, and terms of service that allow the organization to enforce policies for entities bypassing the model. For example, a resource provider setting up a gateway which bypasses authentication and authorization by sharing an account might be cut off from resources for breaking the model.

...