Design feedback

2 posts / 0 new
Last post
Design feedback

Section 5.1 Introduction should mention that the subsequent sections 5.1.x are all design requirements.

Section 5.1.7 "Self-Service required" seems to open the door to a malicious gateway operator obtaining access without human review.

Should there be a requirement for using HTTPS to access the API?

Should spell in this document the acceptable format(s) for "submittime".

 

Delivery Effort Stage: 

The self service still imposes a restriction of using XSEDE authentication for registering Gateways and getting an APIKEY. If an abuse is identified

- the offending APIKey can be revoked

- offending user account could be traced and followed up with

The possibility of similar abuse exists with currently existing design which is in production with no recourse. There is no way to find which user account is submitting garbage.

Log in to post comments