REVIEW-24: SDIACT-203 and SDIACT-239 Update oa4mp.xsede.org and cilogon.org to support OAuth 2.0 - Design/Security Review

Overview

General design and security risk review for upgrading oa4mp.xsede.org and cilogon.org to support the OAuth 2.0 specification.

Review Summary

Will address standard security practices for Tomcat from Apache and OWASP in the Deployment plan. Will also look into altering the wording on the user page, using suggestions from Maytal, to reflect the fact that the service is no longer used solely by Science Gateways.

Review Output Documents (Final)

No changes to design docs.

Review Input Documents

oa4mp.xsede.org OAuth 2.0 design
cilogon.org OAuth 2.0 design

Review Criteria

  1. Do the described user behaviors address known user requirements?
  2. Are the service interfaces secure?
  3. Are the administrative and support responsibilities spelled out and do they satisfy service availability and support needs?
  4. Are administrative procedures secure and mitigate risk appropriately?
  5. Are the service interfaces secure enough?

Schedule

Current Date: 2024-10-04
Current Status: Closed (Design and Security Review)
Target Date   Actual Date   Activity Milestone
              2016-05-17    Review launch date
2016-05-27    2016-06-09    Written feedback due (Reviewers)
2016-06-03    2016-06-09    Written response date (Review Material Developers)
2016-06-03    2016-06-09    Final approval due and completion date (Reviewers)
Review Created: 2016-05-17 12:10 pm
Review Last Updated: 2016-06-09 9:38 am

 

Reviewers

Required

  • Shane Filus
    SIGNED: 2016-05-27 15:40
  • Terrence Fleury
    SIGNED: 2016-05-18 14:27
  • John-Paul Navarro
    SIGNED: 2016-05-25 11:53

Optional

  • Victor Hazlewood
  • Mattias Lidman
  • Lee Liming
    SIGNED: 2016-05-24 12:39
  • Jim Marsteller
  • Marlon Pierce
  • Tabitha Samuel
    SIGNED: 2016-05-17 16:18
  • Adam Slagell
    SIGNED: 2016-05-17 16:20
  • Shava Smallen

Withdrawn

  • Rachana Ananthakrishnan

Review Material Developers

Jim Basney
Venkatesh Yekkirala

Review Facilitator

John-Paul Navarro

 
