Changes between Version 27 and Version 28 of WikiStart


Timestamp:
06/10/10 10:43:49 (10 years ago)
Author:
pjkersha
Comment:

--

  • WikiStart

    v27 v28  
    11= Security = 
     2[[PageOutline]] 
     3== Development Activities == 
     4 * [wiki:SAML2.0 ndg_saml]: The Python SAML 2.0 implementation developed for NDG Security and the Earth System Grid Federation] 
     5 * [wiki:XACML ndg_xacml]: Python implementation of XACML, eXtensible Access Control Markup Language developed for CEDA (Centre for Environmental Data Archival). 
     6 * [wiki:MyProxyClient MyProxyClient]: Python implementation of the client interface to the !MyProxy Credential Management Service 
     7 * [wiki:MyProxyWebService MyProxyWebService]: a Python WSGI application which presents a HTTPS interface to the !MyProxy Credential Management Service logon and get trust roots operations. 
    28 
    3 Being the NDG3 security activities. More generic NDG security activities can be found [wiki:T12_Security here]. 
    4  
    5 === Meetings === 
    6  
    7 ==== October 1, 2008 ==== 
    8  
    9 The issue is that we need to link NDG security to the OWS client and server stacks (and ideally [http://pydap.org/ PyDAP] too). 
    10  
    11 All these actions to be carried out by Phil in the Nov-Jan time frame. 
    12  
    13 This can be achieved in the server by using WSGI middleware that can be configured using (for example) a regular expression which identifies the resource identifier in any HTTP GET URLS (and presumably POST), and then does a call out to the rest of the NDG security infrastructure. This middleware will be a policy enforcement point and could redirect for authentication and authorisation. 
    14  
    15 We need an NDG gatekeeper piece of code which can respond to requests matching user credentials to resource URIs to make policy decisions. 
    16  
    17 We need to address the client side. While using cookies for the browser would seem straightforward, how would the owslib client do the security? How would openlayers (or any embedded javascript) respect the browser cookie security environment. 
    18  
    19 === Tasks === 
    20 The overall objective is security enable OWS services.  We want to do this in a way that has minimal impact on the services they protect and on clients such as [http://openlayers.org/ OpenLayers] making requests. 
    21  1. Write a security filter to filter requests to OWS services permitting access to a secured resource only to authenticated and authorized users.  Test and make work with !OpenLayers based clients. 
    22    * Dependencies and ordering:  
    23     * Re-engineering of code stack (part of OMII-UK Commissioned Software Project) needs to be completed first.   
    24     * OWS Server development work is ''dependent'' on this.  OWS Server can be tested without security but integration with security is an important step.  The security filter should ideally be completed first. 
    25    * Start Date: December 08 
    26    * Duration: 20 days 
    27    * Relevant tickets: #1004, #1005, #1006 
    28  1. Write security client code to enable a client application written in Python to access a secured OWS service.  (Ticket #1008) 
    29    * Dependencies and ordering: dependent on 1) and development of OWS Python client code. 
    30    * Start Date: Mid January 09 
    31    * Duration: 5 days 
    32    * Relevant tickets: #1008 
    33  1. Apply the same or a similar filter to an [http://www.opendap.org/ OPeNDAP] service.  The OPeNDAP server would be based on the Python implementation of OPeNDAP, [http://pydap.org/ pyDAP].  This task will require familiarisation with a new package pyDAP.  This task is of secondary importance to 1)   
    34    * Dependencies and ordering: complete task 1) and 3) first. 
    35    * Start Date: late Jan / early Feb 09 
    36    * Duration: 10 days 
    37    * Relevant Tickets: #1007 
    38  1. Security Integration.  
    39    * Duration:5 days 
    40    * Relevant Ticket: #1010 
    41    * Start Date: late Feb/early March 
    42    * Software Integration 
    43      * server-side 
    44      * client-side 
    45    * Deployment Integration 
    46    * Aiding in ensuring that resources are appropriately listed in security uri -> role database. 
    47  
    48 === Risks === 
    49  1. Completion of OMII-UK Commissioned Software Project work (likely to impact).  The OMII-UK project finishes at the end of October but a no cost extension has been agreed up to the end of the year.  This is in order to put together final deliverables.  Work from this project required to be completed: 
    50    * Re-engineering of security code stack to use filter based (WSGI) technology.  This is a prerequisite for NDG3 security work. 
    51    * integration of NDG Security with the BADC Data Browser 
    52  1. [http://www.earthsystemgrid.org/ Earth System Grid] interoperability for the IPCC Fifth Assessment Report (less likely to impact) 
    53    * NDG Security components need to be made interoperable with security architecture agreed with the ESG team.  This work involve agreeing interfaces, developing new security modules (Attribute Service) and testing.  This work is not likely to start until Feb 09 at earliest. 
    54  1. DMAG Workshop preparation (likely to be minimal impact) 
    55  1. Leave late Oct/early to mid Nov 08. (approx. 15 days not including Christmas and New Year). 
    56  
    57 === [query:status=new|assigned|reopened&milestone=NDG3&owner=pjkersha&order=priority NDG3 Security Tickets] === 
    58 These break down the tasks into more detail: 
    59 [[TicketQuery(status=new|assigned|reopened&milestone=NDG3&owner=pjkersha&order=priority Active tickets)]] 
    60  
    61 === Reports === 
    62 Two weekly summaries for James (Monthly from March onwards): 
    63  1. [wiki:2WeeklyReports/20090108 20090109] 
    64  1. [wiki:2WeeklyReports/20090121 20090121] 
    65  1. [wiki:2WeeklyReports/20090130 20090130] 
    66  1. [wiki:2WeeklyReports/20090213 20090213] 
    67  1. [wiki:2WeeklyReports/20090227 20090227] 
    68  1. [wiki:2WeeklyReports/20090331 20090331] 
    69  1. [wiki:2WeeklyReports/20090430 20090430] 
    70  1. [wiki:2WeeklyReports/20090604 20090604] 
    71  1. [wiki:2WeeklyReports/20090717 20090717] 
    72  
    73 ---- 
    74 NDG3: [wiki:Capability], [wiki:Discovery], [wiki:Vocab], [wiki:Software], [wiki:MOLES], [wiki:Security], [wiki:Community], [wiki:Roadmap], [wiki:Management] 
     9== Projects == 
     10 * Federated Access control infrastructure for the Earth System Grid Federation 
     11 * [wiki:MashMyData MashMyData]: a NERC funded demonstrator project to create a portal environment for users to combine their data with datasets from distributed sources.  It will trial access control with multihop delegation in a workflow. 
     12 * [wiki:NDG3 NERC DataGrid 3 Project Activities]
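Review bot: The added ndg_saml bullet (v28 line 4) ends with a stray `]` after "Earth System Grid Federation" that has no matching opening bracket, so it will render literally; drop it, and end the new bullets consistently (only the ndg_xacml and MyProxyWebService entries finish with a full stop). The same edit removes the entire NDG3 planning section (v27 lines 3 to 74: meeting notes, tasks, risks and the 2WeeklyReports links) under an empty change comment. The new `[wiki:NDG3 NERC DataGrid 3 Project Activities]` link suggests the material was moved rather than dropped, so state that in the comment and confirm the removed text, including the notes on the WSGI middleware acting as a policy enforcement point, is present on that page.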