REVIEW-64: XCI-196 Deliver XSEDE user to OAuth identity mappings - Design/Security Review

Overview

General design and security risk review for XSEDE user to OAuth identity mappings implementation.

Review Summary

The September 2018 design review identified the following issues:

  1. Multiple usernames per resource: The XCDB API route documented in section F.1 can return multiple usernames. A user may have multiple username at a site due to account merges and other routine AMIE actions. Section F.2 has been updated to note that the mapping file can accept a list of usernames in this case.
  2. No filters on mappings: Historically, for Globus Toolkit X.509 grid-mapfile processing, XSEDE does some filtering to meet IGTF policies. Specifically, a) there are no "Community User" mappings created by default and b) only mappings for "vetted" users on active allocations are included. These filters are in place because IGTF does not allow us to issue user certificates to non-persons like "Community Users" and does not allow us to issue certificates to unvetted users. The review team agreed that these policy questions should be addressed by separate authorization checks (to be developed in XCI-205), rather than being part of the core mapping functionality delivered here, to avoid a one-size-fits-all policy across all XSEDE resources.
  3. Multiple identity providers: The design should address the possibility that an SP may also need to map non-XSEDE OAuth identities to local accounts. Section F.2 has been updated to include the ability to merge XSEDE and non-XSEDE OAuth identities into a single mapping file.
  4. Mappings used by multiple services: While this design was driven primarily by the needs of Globus Auth SSH, we expect Globus Connect (and potentially other services) to also use the mapping file produced by this capability. An explicit note to this effect has been added to Section E.2.6.

Review Output Documents (Final)

https://software.xsede.org/svn/xci/activities/xci-196/trunk/Deliverables/XCI-196-Design.pdf

Review Input Documents

https://software.xsede.org/svn/xci/activities/xci-196/trunk/Deliverables/XCI-196-Design.pdf

Review Criteria

Please focus on these questions:

  1. Does the proposed design provide the required mappings
  2. Does the proposed design follow XSEDE security guidelines and best practices
  3. Does the proposed design mitigate significant security risks
  4. Could the proposed design be improved

Schedule

Current Date: 2019-08-18
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2018-09-21 Review launch date
2018-09-28 Written feedback due (Reviewers)
2018-10-05 2019-02-21 Written response date (Review Material Developers)
2018-10-12 2019-02-21 Final approval due and completion date (Reviewers)
Review Created: 2018-09-21 6:30 pm
Review Last Updated: 2019-02-21 6:20 pm

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • John-Paul Navarro
    VIEWED: 2019-02-21 18:20
    SIGNED: 2019-02-21 18:19

Optional

  • Victor Hazlewood
    VIEWED: 2018-10-01 15:44
  • Brian Hom
    VIEWED: 2018-09-28 17:02
    SIGNED: 2018-09-28 17:02
  • Lee Liming
    VIEWED: 2018-09-27 12:07
    SIGNED: 2018-09-27 12:07
  • Derek Simmel
    VIEWED: 2018-10-01 17:56
  • Shava Smallen

Review Material Developers

Galen Arnold
Jim Basney
Michael Shapiro

Review Facilitator

John-Paul Navarro

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.