NDG Security


OMII-UK NDG Security Status Report 2008/06/25

Summary

  1. Completion of Deployments:
    • BADC is updated
    • BODC complete, but there is a firewall problem with HTTPS POST requests. This means the Session Manager service is not visible to other sites, which prevents cross-site access. BODC sysadmin staff are trying to fix this.
    • NOCS is planned for this week/early next week.
    • PML: passed on details of the new release and awaiting response from them
  2. OpenID:
    • OpenID Relying Party code based on Pylons AuthKit is now in place for NDG Security and integrated into the NDG Browse web interface. This enables OpenID users to authenticate with NDG services but gives no more than public access privileges to data. This is a desired first objective: we want Data Providers to be able to log access requests to public data from OpenID users.
  3. Java Client Interface:
    • This is not finished and I've not revisited it since I effectively froze work on it after the tests with WSS4J a few months ago. Now that the OpenID work is complete and the updates to the deployments are in place, I want to get the Python ElementTree Canonicalization code into the ZSI web service package before I take this up again. Integration work continues on this but there are still bugs to be resolved - awaiting fixes from the author.

Other

  • Significant progress has been made with #927. Test code runs the Attribute Authority via WSGI middleware instead of the Twisted application framework used before. WS-Security handlers can be called in a pipeline configurable in a file.
  • Earth System Grid - NDG security interoperability: we've now had two telecons to discuss status.
    • ESG have chosen OpenID with additional security measures for their Single Sign On solution. This will mean we will need to implement OpenID Provider (Single Sign On login) in addition to the Relying Party code we have just integrated into our system.
    • Details for attribute release and authorisation still to be agreed. We are arranging a meeting in the US for August - tbc.