General design and security risk review for XSEDE user to OAuth identity mappings implementation.
The September 2018 design review identified the following issues:
- Multiple usernames per resource: The XCDB API route documented in section F.1 can return multiple usernames. A user may have multiple usernames at a site due to account merges and other routine AMIE actions. Section F.2 has been updated to note that the mapping file can accept a list of usernames in this case.
- No filters on mappings: Historically, for Globus Toolkit X.509 grid-mapfile processing, XSEDE does some filtering to meet IGTF policies. Specifically, a) there are no "Community User" mappings created by default and b) only mappings for "vetted" users on active allocations are included. These filters are in place because IGTF does not allow us to issue user certificates to non-persons like "Community Users" and does not allow us to issue certificates to unvetted users. The review team agreed that these policy questions should be addressed by separate authorization checks (to be developed in XCI-205), rather than being part of the core mapping functionality delivered here, to avoid a one-size-fits-all policy across all XSEDE resources.
- Multiple identity providers: The design should address the possibility that an SP may also need to map non-XSEDE OAuth identities to local accounts. Section F.2 has been updated to include the ability to merge XSEDE and non-XSEDE OAuth identities into a single mapping file.
- Mappings used by multiple services: While this design was driven primarily by the needs of Globus Auth SSH, we expect Globus Connect (and potentially other services) to also use the mapping file produced by this capability. An explicit note to this effect has been added to Section E.2.6.
Review Output Documents (Final)
Review Input Documents
Please focus on these questions:
- Does the proposed design provide the required mappings?
- Does the proposed design follow XSEDE security guidelines and best practices?
- Does the proposed design mitigate significant security risks?
- Could the proposed design be improved?
Schedule
Current Date: 2019-03-21
Current Status: Closed (Design and Security Review)
| Target Date | Actual Date | Activity Milestone |
|---|---|---|
| 2018-09-21 | | Review launch date |
| 2018-09-28 | | Written feedback due (Reviewers) |
| 2018-10-05 | 2019-02-21 | Written response date (Review Material Developers) |
| 2018-10-12 | 2019-02-21 | Final approval due and completion date (Reviewers) |
Review Last Updated: 2019-02-21 6:20 pm
- JP Navarro
VIEWED: 2019-02-21 18:20
SIGNED: 2019-02-21 18:19
- Victor Hazlewood
VIEWED: 2018-10-01 15:44
- Brian Hom
VIEWED: 2018-09-28 17:02
SIGNED: 2018-09-28 17:02
- Lee Liming
VIEWED: 2018-09-27 12:07
SIGNED: 2018-09-27 12:07
- Derek Simmel
VIEWED: 2018-10-01 17:56
- Shava Smallen
Review Material Developers