Overview
Globus Connect Server version 5.4 (GCS v5.4) is the next generation of the storage provider’s interface to the Globus system. It connects a storage system to the Globus data transfer service, enabling researchers to use the Globus web application (https://app.globus.org), Globus CLI, Globus Transfer API, or a Web browser to access the storage system, subject to the administrator’s data access policies.
GCS v5.4 replaces the X.509-based security mechanism used in GridFTP and Globus Connect Server version 4 with a new mechanism based on OpenID Connect 1.0 (OIDC) and OAuth 2.0 (OAuth2). OIDC/OAuth2-based security is widely used in the research community and in the mainstream Internet.
This design and security review gives XSEDE Operations, Service Providers, and other key stakeholders an opportunity to review the most important functional, design and security characteristics of GCS v5.4. Feedback from this review should identify the most important concerns that need to be addressed to deploy GCS v5.4 in production on XSEDE. XCI is conducting endpoint deployment and access testing before releasing it to XSEDE service providers.
Review Summary
Most important DSR feedback:
- Suggestion to add end-user and science gateway developer documentation
- Suggestion to include GCS v4 to v5 endpoint migration information will not be addressed as XSEDE never released GCS v4
- Recommendation that the XSEDE Installation Guide better describe the use of multiple mapfiles
- Suggestion to clarify whether the identities the user must authenticate with can be configured into the Storage Gateway
- Various clarifications recommendations or broken link issues were addressed
Review Output Documents (Final)
Review Input Documents
Review Criteria
- Does GCS satisfy XSEDE and SP security requirements and mitigate the most important risks
- Does GCS address the most important functional requirements for operators to manage storage access
- Does GCS address the most important functional requirements for users and science gateway developers to access storage systems
- Are the Design/Security Description, XSEDE Installation Guide, and Domain Guide documents clear and do they cover the most important design/security elements
- Do you have any deployment, announcement, and training recommendations
Schedule
Current Date: 2025-01-13Current Status: Closed (Design and Security Review)
Target Date | Actual Date | Activity Milestone |
---|---|---|
2021-03-30 | Review launch date | |
2021-04-14 | 2021-04-23 | Written feedback due (Reviewers) |
2021-04-16 | 2021-04-26 | Written response date (Review Material Developers) |
2021-04-23 | 2021-04-26 | Final approval due and completion date (Reviewers) |
Review Last Updated: 2021-04-26 5:58 pm
Reviewers
If you are a reviewer, please login to sign or withdraw from this review.
Required
- John-Paul Navarro
VIEWED: 2021-08-11 13:03
SIGNED: 2021-04-26 14:11 - David Wheeler
VIEWED: 2021-04-24 12:15
SIGNED: 2021-04-24 12:15
Optional
- Jim Basney
VIEWED: 2021-04-01 16:10
SIGNED: 2021-04-01 16:10 - Christopher Jordan
VIEWED: 2021-04-26 10:11
SIGNED: 2021-04-26 10:11 - Robert Quick
- Gary Rogers
- Tabitha Samuel
- Derek Simmel
VIEWED: 2021-04-19 14:33 - Shava Smallen
VIEWED: 2021-07-09 20:47 - Alexander Withers
Review Material Developers
Lee Liming
Review Facilitator
John-Paul Navarro