JIRA Issue

[#XCI-428] Security risk analysis for GRP-17 Drive project membership with an email message

Created: 08/10/2018  Updated: 10/04/2019

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: XSEDE User Portal (XUP)
Fix Version/s: None

Type: XCI Evaluation
Priority: Major
Reporter: Lee Liming
Assignee: Unassigned
Resolution: Unresolved
Votes: 0

XSEDE Priority: 3.6 UREP'17
Use Case Priority: Medium
Public activity link: https://software.xsede.org/display/xci-428
Devel Repository:
Use Cases:
GRP-17: Drive project membership with an email message
Effort and Costs:
Staff Name (Lastname, Firstname) | Effort (person weeks) | Roles or Contributions | Status
<Activity Lead Name – Last, First> | 6 | six weeks of effort to lead and implement the activity (required) | none
<User Doc Drafter – Last, First> | 0.2 | one day of effort to draft user documentation (required) | none
TBD (tester) | 1 | one week of effort to test the software | none
... | ... | .. | none
Due by | Activity Deliverable
DSR | Design document*
TRR | Implemented Software Capability
TRR | Other type of deliverable
TRR | Deployment plan*
TRR | Test plan*
TRR | User documentation*
TRR (post) | TRR Baseline* (Shava)
Deployment | Deployment Baseline* (Shava)
Deployment | Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Track status in meeting: no
Lead Tester: Shava Smallen


We need to request and receive a security risk analysis for use case GRP-17 to review the security risks of the proposed use case and identify ways to mitigate these risks in the implementation.

From the CDP:

The current XSEDE system (and policy) does not allow for project PIs to invite other people to join the project team and share their allocation(s). There are several reasons for this, including some that involve security risks and our current strategy for mitigating those risks. Given enough development effort, the XUP team could implement a mechanism to support this use case, but the security risks and mitigation strategies need to be revisited by experts.


There are comments for XCI-428 that can be viewed with XSEDE authentication.