    33== OMII-UK NDG Security Status Report 2008/02/14 == 
     4=== Summary === 
     5 * The [ Computational Viewpoint] architecture document is complete. 
     6 * Oracle - !MyProxy interface for BODC has proved more difficult than expected with coding required to adapt an Open Source Oracle PAM (Pluggable Authentication Module) library. 
     7 * Fred Lundh developer of the Python !ElementTree XML package has been writing a Canonicalizer for it as part of the NERC Portals project.  Testing for this has diverted effort from other tasks. 
     8 * Discussion with UK-Federation Shibboleth ocntacts here have established more clearly possibilities for Shibboleth - NDG Security interface. 
    5 === Tasks === 
    6 ==== 01: Documentation ==== 
    7  * Completed [ NDG Security Computational Viewpoint] design document.  This gives an overview of the NDG Security system architecture. 
    8  * Installation Guide updated to include instructions for configuring !MyProxy as a SimpleCA and PAM interface to target site specific authentication system. 
     10=== Tasks Currently Active === 
     11[ticket:929 01: Documentation] 
    10 ==== 02: Port services into WSGI framework ==== 
    11 Recently experimented with paster using the `pylons_minimal` template.  This should provide a good basis for security services. 
     13[ticket:927 02: Port services into WSGI framework] 
    13 ==== 03: Use !MyProxy as a Simple CA (#928) ==== 
    14 This is to enable !MyProxy to interface with NDG partner sites' existing authentication mechanism i.e. via a user database: 
    15  * BADC having working version integrated against a Postgres database 
    16  * PML also use Postgres and will copy BADC installation 
    17  * BODC require a PAM to plugin to Oracle.   
    18   * Enquiries have been made with the NGS at RAL to see if they have had experience with something like this but the answer is no. 
    19   * An Open Source Oracle PAM is available pam_oci8 based on the OCI8 C library client wrapper to Oracle.  However, this does not appear to be supported anymore and doesn't include capability for MD5 encryption of passwords.  This module has been adapted to the latter and tested at BODC 
    20   * BODC will make a support request to Oracle to see if there is an off-the-shelf package. 
    21  * NOCS: todo - try MySQL PAM. 
     15[ticket:928 03: Use MyProxy as a Simple CA] 
    23 ==== 04: Integration of SAML into NDG Security ==== 
     17[ticket:958 04: Integration of SAML into NDG Security] 
    25 ==== 06: NDG security Java client for Axis1 and Axis2 ==== 
     19[ticket:931 NDG Security - OpenId interface] 
     21=== Additional === 
     22 Brought forward in the schedule activities on these task to enable validation of Fredrik Lundh's !ElementTree Canonicalization code: 
     23  [ticket:938 06: NDG security Java client for Axis1 and Axis2] 
     24  [ticket:940 08: WS-Security for ZSI] 
     25 Brought forward through discussions with STFC Shibboleth contacts and activity on #958: 
     26  [ticket:944 NDG Security - Shibboleth interface] 
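Review bot: The pam_oci8 bullet under task 03 says "MD5 encryption of passwords", but MD5 is a digest rather than a cipher, so "MD5 hashing" would be accurate. In the same bullet, "adapted to the latter" does not say what was changed in the module; stating that MD5 password hashing support was added would make the BODC test result easier to interpret. Smaller wording points: the Shibboleth bullet in the Summary has "ocntacts" for "contacts", the Summary names the ElementTree author as "Fred Lundh" while the Additional section uses "Fredrik Lundh", and "activities on these task" under Additional should read "these tasks".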
