REVIEW-83: XCI-826: Deliver Globus Connect Server (GCS) v5.4 to XSEDE - Design/Security Review

Overview

Globus Connect Server version 5.4 (GCS v5.4) is the next generation of the storage provider’s interface to the Globus system. It connects a storage system to the Globus data transfer service, enabling researchers to use the Globus web application (https://app.globus.org), Globus CLI, Globus Transfer API, or a Web browser to access the storage system, subject to the administrator’s data access policies.

GCS v5.4 replaces the X.509-based security mechanism used in GridFTP and Globus Connect Server version 4 with a new mechanism based on OpenID Connect 1.0 (OIDC) and OAuth 2.0 (OAuth2). OIDC/OAuth2-based security is widely used in the research community and in the mainstream Internet.

This design and security review gives XSEDE Operations, Service Providers, and other key stakeholders an opportunity to review the most important functional, design and security characteristics of GCS v5.4. Feedback from this review should identify the most important concerns that need to be addressed to deploy GCS v5.4 in production on XSEDE. XCI is conducting endpoint deployment and access testing before releasing it to XSEDE service providers.

Review Summary

Most important DSR feedback:

  • Suggestion to add end-user and science gateway developer documentation
  • Suggestion to include GCS v4 to v5 endpoint migration information will not be addressed, as XSEDE never released GCS v4
  • Recommendation that the XSEDE Installation Guide better describe the use of multiple mapfiles
  • Suggestion to clarify whether the identities the user must authenticate with can be configured into the Storage Gateway
  • Various clarification recommendations or broken link issues were addressed

Review Output Documents (Final)

Review Input Documents

 

Review Criteria

  • Does GCS satisfy XSEDE and SP security requirements and mitigate the most important risks?
  • Does GCS address the most important functional requirements for operators to manage storage access?
  • Does GCS address the most important functional requirements for users and science gateway developers to access storage systems?
  • Are the Design/Security Description, XSEDE Installation Guide, and Domain Guide documents clear, and do they cover the most important design/security elements?
  • Do you have any deployment, announcement, and training recommendations?

Schedule

Current Date: 2025-01-13
Current Status: Closed (Design and Security Review)
Target Date   Actual Date   Activity Milestone
              2021-03-30    Review launch date
2021-04-14    2021-04-23    Written feedback due (Reviewers)
2021-04-16    2021-04-26    Written response date (Review Material Developers)
2021-04-23    2021-04-26    Final approval due and completion date (Reviewers)
Review Created: 2021-03-29 6:33 pm
Review Last Updated: 2021-04-26 5:58 pm

 

Reviewers


Required

  • John-Paul Navarro
    VIEWED: 2021-08-11 13:03
    SIGNED: 2021-04-26 14:11
  • David Wheeler
    VIEWED: 2021-04-24 12:15
    SIGNED: 2021-04-24 12:15

Optional

  • Jim Basney
    VIEWED: 2021-04-01 16:10
    SIGNED: 2021-04-01 16:10
  • Christopher Jordan
    VIEWED: 2021-04-26 10:11
    SIGNED: 2021-04-26 10:11
  • Robert Quick
  • Gary Rogers
  • Tabitha Samuel
  • Derek Simmel
    VIEWED: 2021-04-19 14:33
  • Shava Smallen
    VIEWED: 2021-07-09 20:47
  • Alexander Withers

Review Material Developers

Lee Liming

Review Facilitator

John-Paul Navarro

 
