Skip to content Skip to navigation

JIRA Issue

[#XCI-400] Facilitate TFA usability vs security discussion for sensitive updates thru the XUP

[XCI-400] Facilitate TFA usability vs security discussion for sensitive updates thru the XUP Created: 06/14/2018  Updated: 08/22/2018

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: XSEDE User Portal (XUP)
Fix Version/s: PY8 (Sep '18 - Aug '19)

Type: Task Priority: Critical
Reporter: JP Navarro Assignee: JP Navarro
Resolution: Unresolved Votes: 0

Issue Links:
Relates
relates to XCI-42 CDP for GRP-01: Researcher manages me... Backlog
relates to XCI-47 CDP for IDM-03: Change an XSEDE user ... Backlog
XSEDE Areas:
RACD Security
XSEDE Priority: 4.2 UREP'16 (for add user), 3.6 (for update user profile)
Public activity link: https://software.xsede.org/display/xci-400
Use Cases:
GRP-01: Researcher manages membership of a project group, IDM-03: Change an XSEDE user profile
Track status in meeting: no

 Description   

It has been proposed to enhance security using TFA for sensitive updates in the XUP, such as: updating the list of users with access to an allocation, and updating a user's profile. This would have significant usability implications. The dev council asked (June 2018) RACD to facilitate a discussion between relevant stakeholders on the benefits and costs/impacts of this change to reach consensus on whether to implement.