Skip to content Skip to navigation

JIRA Issue

[#XCI-196] Deliver XSEDE user to OAuth identity mappings

[XCI-196] Deliver XSEDE user to OAuth identity mappings Created: 09/06/2017  Updated: 11/29/2018

Status: Design Review
Project: XSEDE Cyberinfrastructure Integration
Component/s: AMIE, Globus Auth, XSEDE Central Database (XCDB)
Fix Version/s: PY8 (Sep '18 - Aug '19)

Type: XCI Enhanced Capability Priority: Major
Reporter: JP Navarro Assignee: JP Navarro
Resolution: Unresolved Votes: 1

Attachments: Text File mapfile.txt     Text File output.txt     File xci-196-mapfile.py    
Issue Links:
Associated bugs and stories
associated with A3M-162 Implement XDCDB API to support work o... Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
Meeting Action Item
is meeting action item from XCI-216 RACD Planning Meeting - September 14,... Completed
SD&I Deliverable
is deliverable of XCI-496 SSH with Globus Auth (OpenID Connect ... Proposed
Target Operator:
XSEDE Community Infrastructure, XSEDE Enterprise Services, XSEDE Service Providers
XSEDE Priority: -
XSEDE Areas:
RACD Security
Discussion Thread: https://software.xsede.org/discussion-forums/xci-196
Public activity link: https://software.xsede.org/display/xci-196
Devel Repository: https://software.xsede.org/svn/xci/activities/xci-196/trunk/
Use Cases:
CAN-01: Run a Remote Job, CAN-02: Managed File Transfer, CAN-04: Interactive Login
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
Basney, Jim 0.6 Lead and implement the activity none
Liming, Lee 0.2 Design and assist with documentation none
Shapiro, Michael 0.6 Implement XCDB API none
Arnold, Galen 0.4 Implement mapping download/install/distribute functionality none
TBD (tester) 0.2 one week of effort to test the software none
... ... .. none
Deliverables:
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Actual Design Review Date:
Planned Complete Date:
Activity Lead: Jim Basney
Lead Tester: Shava Smallen
Design Document: https://software.xsede.org/svn/xci/activities/xci-196/trunk/Deliverables/XCI-196-Design.pdf

 Description   

Part of the Globus Toolkit de-support announcement includes retiring authenticating users to remote services using user X.509 credentials. Currently XSEDE provides SPs user X.509 credential information for mapping to local SP accounts in GridFTP and GSI OpenSSH. This activity will identity how XSEDE can map new OAuth global identity to SP accounts and what components will be changed and to implement those mappings. Implementation will likely include building an interface for extracting XSEDE to local account mappings from XCDB, and tools for downloading and installing those mappings on individual resources. This activity may spin off other activities to enhance components that implement these mappings. This activity will not retire the existing user X.509 identity mapping process



 Comments   

There are comments for XCI-196 that can be viewed with XSEDE authentication.