wiki:T12_Security/OMII-UK/20080214

Version 3 (modified by pjkersha, 11 years ago) (diff)

--

NDG Security

Home | Research | Architecture | Documentation | Downloads | Discussion | OMII-UK | ESG and IPCC AR5 | DEWS | Admin Quick Start


OMII-UK NDG Security Status Report 2008/02/14

01: Documentation

  • Completed  NDG Security Computational Viewpoint design document. This gives an overview of the NDG Security system architecture.
  • Installation Guide updated to include instructions for configuring MyProxy as a SimpleCA and PAM interface to target site specific authentication system.

02: Port services into WSGI framework

Recently experimented with paster using the pylons_minimal template. This should provide a good basis for security services.

03: Use MyProxy as a Simple CA (#928)

This is to enable MyProxy to interface with NDG partner sites' existing authentication mechanism i.e. via a user database:

  • BADC having working version integrated against a Postgres database
  • PML also use Postgres and will copy BADC installation
  • BODC require a PAM to plugin to Oracle.
    • Enquiries have been made with the NGS at RAL to see if they have had experience with something like this but the answer is no.
    • An Open Source Oracle PAM is available pam_oci8 based on the OCI8 C library client wrapper to Oracle. However, this does not appear to be supported anymore and doesn't include capability for MD5 encryption of passwords. This module has been adapted to the latter and tested at BODC
    • BODC will make a support request to Oracle to see if there is an off-the-shelf package.
  • NOCS: todo - try MySQL PAM.

OMII-UK Site

  • NDG Security is entered as a separate  project on the OMII-UK site.
  • A 3 month drop of the software was made on the site

Project Management

The project is now entered into Trac tickets and the  TaskJuggler Project Management tool with a new baseline to reflect changes discussed in the 3 monthly meeting.