wiki:SecurityTeam/Agenda/Agenda11.08.06

Version 6 (modified by pjkersha, 13 years ago) (diff)

--

Location: SecurityTeam/Agenda?/Agenda11.08.06

NDG Security Configuration at the BODC Meeting [9.30 11 August 2006 @ BODC]

Aims

  • Determine the system configuration for all the NDG Security components at the BODC
  • To migrate from the current prototype configuration on livglue to the Alpha version.
  • Take into account the new arrangement of the Livgrid servers as follows:

Relevant Documents

Agenda

  1. Review of NDG Security
  2. Data Provider Deployment Use Case SecurityTeam/UseCases/DataProviderDeployment?
  3. Components for Configuration
    1. MyProxy Server
      • suitable host
      • Location of Certificates on host
      • firewall considerations
      • Requirement for minimal services running on that machine.
      • User/group permissions for installation and configuration.
      • Automated start up from boot: xinetd or SysV Init script
      • Any other security issues or measures to be taken to secure host ...
    2. Session Manager Web Service
      • suitable host
      • firewall considerations
      • Interface to MyProxy - considerations for this
      • Interface to the Credential Repository
    3. Attribute Authority Web Service
      • suitable host
      • firewall considerations
      • User Roles Interface to Oracle Database
    4. Login CGI Service
    5. [Logging Web Service]
    6. [Gatekeeper Web Service]
    7. Miscellaneous:
      • Use of NTP to synchronise clocks of hosts running security services
      • Web Server - https, cgi scripts and WSDL files
  4. Migration from LIVGLUE TO LIVGRID2.
    • Services running on LIVGLUE, Uninstall NDG-Security s/w on LIVGLUE and build everything from scratch on new target hosts
    • Installing NDG-Security Software on LIVGRID2.
    • User/group permissions for installation and configuration
    • LIVGRID1 will be NDG-Production Server ( http://grid.bodc.nerc.ac.uk).
  5. Migrating Credential Repository database from MySQL to Oracle.
    • Purpose of the Credential Repository
    • Creation of Database tables under BODC Oracle Server. Q. Before or after migrating to new Development Server?
    • New custom Python class for BODC Oracle db interface to NDG Security Credential Wallet