XSEDE Capability Delivery Plan for "DM-13: Small-scale data transfer"

Use Case DM-13: Small-scale data transfer

Area: Scientific Data
URLs: Review

Executive Summary: A researcher, educator, science gateway developer, or application developer needs to move a small amount of data (a handful of modest-sized files) to or from a community resource.

Organization: 
XSEDE
First CDP: 2019-10-02
Current CDP: 2019-10-02
Current Implementation Status: 
Issues to be Addressed: 
Time & Effort Summary: 

This use case is currently partially implemented via GSI-OpenSSH, but the user experience is complicated and not well-documented, and the current implementation doesn't fully honor SP security policies. Specifically, the process for obtaining an X.509 certificate for use with GSI-OpenSSH isn't well-documented, and the current implementation doesn't require multi-factor authentication. (In fact, some SP resources may not allow the current implementation for this reason.)

A new implementation based on OAuth-SSH can fix these issues but significant work remains before this can be used on XSEDE. Specifically, we need to complete a deployment plan for the SSH server configuration for XSEDE service providers, a design & deployment plan for the user experience, a final design & security review of these plans, and then the plans need to be executed.

A very rough estimate of the remaining effort is 2 man-months of effort. Given current staffing levels and the need for significant coordination across organizations, this is likely to take at least a year to complete.

Significant Revisions:
  • 2019-10-02 12:42 (current revision)
This capability is currently supported by the following 1 components:
Component User facing? Component’s role in the capability
Globus Toolkit GSISSH Client/Server yes Community members can currently install the GSI-OpenSSH client on their local systems and use it to directly connect to the GSI-OpenSSH servers on XSEDE SP login nodes. To do this, the community member also needs to obtain and configure an X.509 certificate from XSEDE.