wiki:T12_Security/OMII-UK/20081016

Version 4 (modified by pjkersha, 11 years ago)

NDG Security


OMII-UK NDG Security Status Report 2008/10/16

Summary

  1. Integration of NDG Security into the BADC Data Browser, the main data access point for the BADC.
    • Work has been carried out to integrate security into the BADC's website (independent of the NDG site).
    • Adaptors have been written to integrate the Python security code into the legacy Perl code base.
    • A test deployment has been made. This links with the NDG Security Single Sign On service so that other NDG Partner sites are linked in (see login link), and it has a Policy Decision Point written to interface with the BADC's ProFTP-based access control.
  2. #927 Port services into WSGI framework:
    • The Attribute Authority is ported; the Session Manager port is partly complete.
  3. #983 OpenID Provider
    • A patch has been submitted to the developer of AuthKit, the security component of the Python Pylons web application framework. This will enable use of the Attribute Exchange OpenID extension, which provides the capability to pass arbitrary attributes over the OpenID interface in addition to the OpenID URL identifier.
  4. #938 Java Client Interface:
    • Session Manager and Attribute Authority clients have now been tested.
  5. #940 WS-Security for ZSI: The SignatureHandler class has been re-engineered. It needs lifting out of the NDG Security package structure and making into an independent package for release to the Python community.
  6. #941 MyProxy client: ditto the above.
  7. #958 No further work on the SAML class, but this is needed for collaboration work with the Earth System Grid for the IPCC Fifth Assessment Report. SAML has been agreed upon as the protocol for attribute exchange in this work.
  8. #939 PHP client: given the overrun on other tasks this cannot be completed in the schedule.
  9. #943 Generic Session Manager package: work has been carried out to make a generic interface for the Session Manager. This decouples it from its dependency on MyProxy and so enables it to be plugged into other authentication mechanisms, e.g. an interface to a user database.
  10. #944 Shibboleth integration: this will not be completed in the schedule. In preliminary work early this year:
    • A test IdP and SP were set up: it should be straightforward to implement a Python IdP and/or SP interface.
    • Contacts were made here at RAL and with the SPAM-GP team to see what would be involved technically and the administrative steps to join the UK Federation.
    • Shibboleth enabling NDG Security still remains a priority.
  11. #945 OMII-AuthZ: this couldn't be taken forward on the advice of OMII-UK.

Other Relevant

  1. Phil met with Tim, Simon Hettrick and developers at OMII-UK on 5 Oct to collaborate on an article about NDG Security and to talk with the OMII-UK developers and demonstrate the software.
  2. Earth System Grid interoperability for the IPCC Fifth Assessment Report: a successful meeting was held in Seattle on 16 September. We agreed on the interfaces for an Attribute Service and on the use of SAML as the protocol for attribute exchange to complement OpenID for Single Sign On.
  3. NERC Data Grid Medium Sized Initiative: a three month follow on project to the OMII-UK CSP will develop interfaces for NDG Security with OGC services for data visualization and download.