JIRA Issue

[#XCI-608] Security design review for OAuth-SSH server deployment

Created: 06/13/2019  Updated: 10/02/2019

Status: Backlog
Project: XSEDE Cyberinfrastructure Integration
Component/s: Globus Auth SSH
Fix Version/s: PY9 (Sep '19 - Aug '20)

Type: Task
Priority: Critical
Reporter: Lee Liming
Assignee: Lee Liming
Resolution: Unresolved
Votes: 0

Issue Links:
XCI Deliverable
is deliverable of XCI-501 Security review for Globus Connect Se... Closed
XSEDE Areas:
RACD Integration Services, RACD Security
XSEDE Priority: -
Planned Complete Date:
Public activity link: https://software.xsede.org/display/xci-608
Use Cases:
CAN-04: Open a command shell on a login server (web browser), CAN-06: Authenticate with an application, CB-08: Use a community login service with campus login servers, DA-02: Prepare data for analysis, DA-03: Analyze data from research instruments, DA-04: Analyze data generated by a simulation, DA-05: Steer a large computation while it runs, HPC-01: Use a single HPC resource for a research project, HPC-02: Use two or more HPC resources for a research project, HTC-01: Run a set of independent jobs on an HTC resource, HTC-02: Run a set of interrelated jobs on an HTC resource, VIS-01: Visualize research data using streaming video, VIS-02: Visualize research data using streaming geometry data, VIS-03: Generate visualization data for later viewing, VIS-04: Visualize and steer a simulation running on a remote resource, VIS-05: Visualize a simulation as it runs on a remote resource
Use Case Priority: High
Track status in meeting: yes


OAuth-SSH with enhanced authentication assurance features is now available. The OAuth PAM module for the SSH server can be configured to require authentication with specific IDP(s) and a time limit on authentication. We can now finalize the design document for SSH server deployment (see XCI-496) and test the design to ensure it provides the security controls described in the security design document.

