REVIEW-45: XCI-36 Enable L3 resource logins via XSEDE using login allocations - Design/Security Review

Overview

General design and security risk review for a new ability for users to login to campus clusters thru the XSEDE SSO hub using an L3 Resource Login Allocation.

Review Summary

Design doc sections B.1, E.1, E.2, F, and G.1 revised to address reviewer comments and include clarifying design text from XCI-36 participants.

Review Output Documents (Final)

https://software.xsede.org/svn/xci/activities/xci-036/trunk/Deliverables/L3Logins-Design.pdf

Review Input Documents

https://software.xsede.org/viewvc/xsede/xci/activities/xci-036/trunk/Deliverables/L3Logins-Design.pdf?pathrev=3692

Review Criteria

Please focus on these questions:

  1. Does the proposed design satisfy the functional user requirements?
  2. Are the protocols and interfaces selected appropriate and secure?
  3. Are all the relevant components and changes to each component identified?
  4. Are the interactions with other XSEDE and non-XSEDE services appropriate and secure?
  5. Are relevant XSEDE security policies and best practices followed?
  6. Are the services operated in a secure way and are the procedures appropriate to deal with planned and unplanned outages and unplanned incidents?

and the following solution supported scenarios:

  1. The user obtains an XSEDE account, requests access to the L3 Resource Login Allocation, is notified when they have been added to the allocation, and is able to login thru the SSO hub to the relevant campus login server
  2. A campus IT administrator can request a new L3 Resource Login Allocation and can add and remove user access to that L3 Resource Login Allocation thus controlling user access to the campus login server

Schedule

Current Date: 2019-06-24
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2017-04-19 Review launch date
2017-05-01 2017-05-10 Written feedback due (Reviewers)
2017-05-08 2017-05-12 Written response date (Review Material Developers)
2017-05-12 Final approval due and completion date (Reviewers)
Review Created: 2017-04-19 12:46 pm
Review Last Updated: 2017-05-12 9:34 am

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • David Hart
    SIGNED: 2017-04-28 10:42
  • JP Navarro
    VIEWED: 2018-12-03 15:08
    SIGNED: 2017-05-12 12:34

Optional

  • Jonathon Anderson
  • Maytal Dahan
  • Shane Filus
    SIGNED: 2017-05-01 17:54
  • Victor Hazlewood
  • Rob Light
    SIGNED: 2017-04-30 16:19
  • Lee Liming
  • Jim Marsteller
  • Tabitha Samuel
  • Amy Schuele
  • Derek Simmel
  • Shava Smallen
    SIGNED: 2017-05-02 16:08

Review Material Developers

Jim Basney

Review Facilitator

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.