REVIEW-78: XCI-757 Update idp.xsede.org to current InCommon TAP container - Design/Security Review

Overview

XSEDE’s InCommon identity provider (idp.xsede.org) currently runs at NCSA and NICS using Shibboleth Identity Provider (IdP) V3 on CentOS 6 VMs. CentOS 6 support ends November 2020, and Shibboleth IdP V3 support ends December 2020. This activity updates idp.xsede.org to use the currently supported Shibboleth Docker container from the InCommon Trusted Access Platform​ running in XSEDE’s AWS account.

Review Summary

Gary, Alex, and JP reviewed the design and had no concerns.

Review Output Documents (Final)

Review Input Documents

Review Criteria

  • Are there any unaddressed security or design concerns with migrating this service to an Amazon Elastic Container Service
  • Are there any unaddressed security or design concerns with implementing this service using a Docker Container
  • Are there any concerns with migrating from NCSA and NICS specific SysOps methods to XSEDE SysOps methods
  • Are there any unaddressed implementation or operation costs concerns

Schedule

Current Date: 2021-04-22
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2020-08-24 Review launch date
2020-09-04 Written feedback due (Reviewers)
2020-09-09 2020-09-17 Written response date (Review Material Developers)
2020-09-11 2020-09-17 Final approval due and completion date (Reviewers)
Review Created: 2020-08-24 4:08 pm
Review Last Updated: 2020-09-17 11:57 am

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • John-Paul Navarro
    VIEWED: 2021-02-05 16:10
    SIGNED: 2020-09-17 11:55
  • Gary Rogers
    VIEWED: 2020-09-11 09:44
    SIGNED: 2020-09-11 09:26

Optional

  • Victor Hazlewood
  • Lee Liming
  • Derek Simmel
  • Alexander Withers
    VIEWED: 2020-08-31 14:03

Review Material Developers

Jim Basney

Review Facilitator

John-Paul Navarro

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.