JIRA Issue

[#XCI-501] Security review for Globus Connect Server v5 and SSH with Globus Auth

Created: 11/02/2018  Updated: 10/21/2021  Resolved: 10/21/2021

Status: Closed
Project: XSEDE Cyberinfrastructure Integration
Component/s: CILogon, Globus Auth, XSEDE Identity Provider (IdP)
Fix Version/s: PY8 (Sep '18 - Aug '19), PY9 (Sep '19 - Aug '20)

Type: Task
Priority: Normal
Reporter: Lee Liming
Assignee: Lee Liming
Resolution: Done
Votes: 1

Issue Links:
XCI Deliverable
has deliverable XCI-608 Security design review for OAuth-SSH ... Backlog
XCI Design
produces design for XCI-826 Deliver Globus Connect Server (GCS) v... Closed
produces design for XCI-572 Prepare repo for SSH with OAuth code Closed
produces design for XCI-496 SSH with OAuth (OIDC/OAuth SSH servic... Design Review
Sub-Tasks:
Key | Summary | Type | Status | Assignee
XCI-825 | Design & Security Review (DSR) for Gl... | Sub-task | Closed | Lee Liming
XSEDE Areas:
RACD Integration Services, RACD Security
XSEDE Priority: -
Planned Complete Date:
Public activity link: https://software.xsede.org/display/xci-501
Use Cases:
CAN-02: Managed data transfer, CAN-04: Open a command shell on a login server (web browser), CAN-06: Authenticate with an application
Use Case Priority: High
Track status in meeting: yes

 Description   

To prepare for use of Globus Connect Server version 5 and SSH with Globus Auth on XSEDE L1/L2 resources, we need to conduct a security review of the new access control mechanisms used by these two services. This activity will prepare the necessary documentation for the security review, prepare the review, and conduct the review. It WILL NOT prepare these services for use on L1/L2 resources: that will be a separate activity.

The result of this activity will be a completed security review of the new access control mechanisms. Ideally, this will result in a general recommendation regarding the use of Globus Connect Server version 5 and SSH with Globus Auth on XSEDE L1/L2 resources, as well as any materials needed to assist L1/L2 SPs in making their own choices regarding these services.



 Comments   

There are comments for XCI-501 that can be viewed with XSEDE authentication.