
REVIEW-2: SDIACT-122 Incremental SSO Hub fixes and enhancements - Design and Security Review

Overview

Review of design and security elements of an incremental upgrade to the XSEDE SSO login hub (login.xsede.org).

Review Input Documents

Review Criteria

Scenario 1: User login to service

  • Concerns to be addressed when discussing this scenario:
    • How are accounts created, updated, and deactivated?
    • How is logging handled?
    • What does the user have access to on the server outside their home directory?
    • How are home directory content quotas managed?
    • How are backups managed?
    • What client software is available initially to the user?
    • How is 2-factor login handled?
    • How is password login handled?

Scenario 2: Hacker attempts to log in to service

  • Concerns to be addressed when discussing this scenario:
    • Are there any controls and mitigation responses to repeated failed logins?
    • How is failed login logging handled?

Schedule

Current Date: 2019-02-22
Current Status: Closed (Design and Security Review)
Target Date   Actual Date   Activity Milestone
              2015-09-02    Review launch date
2015-09-11                  Written feedback due (Reviewers)
2015-09-18    2015-09-09    Written response date (Review Material Developers)
2015-09-25    2015-09-09    Final approval due and completion date (Reviewers)
Review Created: 2015-09-02 9:48 am
Review Last Updated: 2015-12-14 9:36 am

 

Reviewers


Required

  • Jim Basney
  • Randal Butler

Optional

  • Jim Marsteller

Review Material Developers

Stephen McNally
Michael Campfield
David Carver
Randal Butler
Jim Marsteller
Tabitha Samuel
Shava Smallen
JP Navarro

Review Facilitator

JP Navarro

 
