REVIEW-33: SDIACT-203 Update to support OAuth 2.0 - Test Readiness Review


XSEDE users have the ability to delegate a short­-lived certificate issued by the XSEDE MyProxy service to a Science Gateway using the XSEDE OA4MP (OAuth for MyProxy) service. The OA4MP service currently supports OAuth 1.0. SDIACT-203 involves updating the OAuth 1.0 service with the latest enhancements/fixes as well as adding support for OAuth 2.0 and OpenID Connect, as required for compatibility with Globus Auth.

Review Summary

  • (Shava) Inca section in deployment plan is incorrect
    • Developer removed Inca section once realized just Nagios tests needed changing; since OA4MP can only be used interactively via a web browser, Inca tests are not possible
  • (Choonhan) Clarify roles of administrator and developer parts in test plan
    • Developer updated new version of the test plan
  • (Peter) Clarify instructions for how to activate an XSEDE GridFTP end-point with
    • Developer updated deployment plan
  • (Shava) Combine two developer documents for OAuth 1 and OAuth 2
    • Developer clarified that the OAuth 2 developer document should replace the older OAuth 1 developer document.
  • (Choonhan) Oauth1 admin doc has same title as Oauth 2 admin doc
    • Developer fixed titles
  • (Choonhan) URL to Tomcat 8 is incorrect
    • Developer checked in Tomcat 8 to SVN and corrected URL
  • (Choonhan) Hard coded path to key tool in
    • Developer corrected path to default on Linux systems

Review Input Documents

Software (use the latest revision below)


Review Criteria

Package information: All software packages (e.g., server and client packages) for this CI are listed.

Documentation and Installation instructions: The deployment plan for this CI on XSEDE is clearly described as well as the installation instructions and any XSEDE specific configuration instructions.

Test environment and facilities: The test environment needed to adequately to validate this component is described. Should indicate also whether testing can be performed within a VM and if not, the reasons for it.

Assumptions: Lists any assumptions needed before testing can begin (e.g., accounts needed).

Test procedures, cases, and scenarios: Lists the tests that should be run or an associated test suite and expected performance metrics if applicable.

Defect, issue, and risk reporting: Deployment plans should include defect and issue reporting information. The testing plan could reference that same information from the deployment plan, or provide alternate information if defects and issues need to be reported differently during testing. Risks, as well as defects and issues, should be part of the testing report.


Current Date: 2024-06-21
Current Status: Closed (Test Readiness Review)
Target Date Actual Date Activity Milestone
  2016-10-26 Review launch date
2016-11-02 Written feedback due (Reviewers)
2016-11-04 2016-11-07 Written response date (Review Material Developers)
2016-11-07 2016-11-07 Final approval due and completion date (Reviewers)
Review Created: 2016-10-26 8:41 am
Review Last Updated: 2016-11-07 1:30 pm



If you are a reviewer, please login to sign or withdraw from this review.


  • Peter Enstrom
    SIGNED: 2016-11-02 15:36
  • Shava Smallen
    SIGNED: 2016-11-07 14:33
  • Choonhan Youn
    SIGNED: 2016-10-26 13:46


  • Gary Rogers
    SIGNED: 2016-11-03 15:29


  • Maytal Dahan

Review Material Developers

Venkatesh Yekkirala

Review Facilitator

Shava Smallen


Please post your comments using the "New topic" or "Post reply" buttons in the forum below.