Changes between Version 3 and Version 4 of TI12_Security/Security0612


Timestamp: 12/12/06 13:08:33 (13 years ago)
Author: pjkersha
Comment:

--

  • TI12_Security/Security0612

    v3 v4  
    77  * Although the WS-Secuirty standard is established the tooling has not reached full maturity.  With WebSphere, you can do most of what you want but it is a subset of the full standard. 
    88 * Carried out a major update of python  web services from ZSI version 1.6 to 2.0 rc3.  This includes using doc/literal wrapped style WSDL.  Also, now using Twisted resource framework for python web server. 
     9 * Eggifying security: separated security into client and server packages which can be deployed separately.  Still some way from completion and there are problems eggifying some packages notably Twisted. 
    910 
    1011== DEWS Security Critical Path and resource allocation (applicable to NDG also) == 
     12This is a summary of the remaining tasks for completion of NDG security for DEWS and amounts to around two months effort. 
    1113 
    1214 1. WS-Security WebSphere - Python interface (Done) 
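Review bot: Added line 12 gives the remaining work as "around two months effort" without saying whether that is elapsed time or one person's effort, while the task list it introduces counts in days ("5 days, 33 total"); stating the summary figure in days would keep the two comparable. While this block is being edited, unchanged line 7 still spells the standard "WS-Secuirty", and added line 9 says there are problems eggifying Twisted without saying what they are, which matters because the eggify task further down depends on it.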
     
    1820 1. Refactor pyXMLSec digital signature. This is used in for signing WS messages but ALSO for signing Attribute Certificates. Attribute Certificates are signed using an enveloped signature independently of being sent over the wire via a WS.  Two alternatives - Option 1) is preferred to ensure independence of transport layer: 
    1921   1. Refactor signature code removing pyXMLSec code and replacing with new signature code as used with WS-Security signature handler 
    20    1.Dispense with enveloped signature for Attribute Certificates and rely on signature applied by WS-Security handler at the point of message dispatch 
     22   1. Dispense with enveloped signature for Attribute Certificates and rely on signature applied by WS-Security handler at the point of message dispatch 
     23 1. !MyProxy pure python client. Python code to connect to myproxy-server over SSL using M2Crypto and implement the various commands needed as methods of a python client class: myproxy-logon, myproxy-store (add credential to the repository), myproxy-destroy (removes a credential from repository).  Current status: all complete bar integration and unit tests.  logon method requires a patch to M2Crypto.  This needs to be submitted to the M2Crypto developers. 
     24 1. Oracle Attribute Authority interface for the Python Attribute Authority (to be based on code developed within NDG at BODC).  
     25 1. Take Siva's code used for BODC Oracle interface and use for LostWax Attribute Authority 
     26 1. Install Security at the !MetOffice and !LostWax (and possible ESSC too). Go to sites to install or revise installation guide so that it can be done unsupervised.  
     27   1. MetOffice - install Attribute Authority. (Note that no !MyProxy is needed for DEWS at this stage). 
     28   1. LostWax - install Attribute Authority, Session Manager and !MyProxy. LostWax have a target machine running Redhat available. 
     29   1. Establish what will happen at ESSC. 
     30 1. Eggify security. Current status: security code is now separated into server, client, common and unit test packages. Ideally all the code components needed by clients (user clients and application clients) should be in easy to install packages. As many server components as possible should also be eggified, but it is recognised that until Twisted is eggified this may not be that useful. (5 days, 33 total). 
     31 1. Complete setup.py script for each package and overall setup.py to create individual eggs for client and server and overall egg to create whole bundle 
     32 1. Add scripting to create configuration files and installation location for the 
     33 1. Scripting to create security scripts for security bin directory (there's a standard egg way of doing this) 
     34 1. DEWS Auditing and Logging. Security will need to interact with the Lost Wax logging service. (5 days, 38 total). Note that this can be done after delivery of the security package and done as an update. 
     35 1. Interface with LostWax logging service 
     36 1. Remaining documentation for DEWS auditing logging workpackage  
    2137 
    22  1. !MyProxy pure python client. Python code to connect to myproxy-server over SSL using M2Crypto and implement the various commands needed: myproxy-logon, myproxy-store, myproxy-destroy. Current status: working MyProxy store method working.  
    23   1. complete MyProxy logon method 
    24   1. Write MyProxy destroy method (removes a credential from repository) 
    25  1. Oracle Attribute Authority interface for the Python Attribute Authority (to be based on code developed within NDG at BODC).  
    26 1.Take Siva's code used for BODC Oracle interface and use for LostWax Attribute Authority 
    27 7.Install Security at the MetOffice and Lost Wax (and possible ESSC too). Go to sites to install or revise installation guide so that it can be done unsupervised. (5 days, 23 total). 
    28 1.MetOffice - install Attribute Authority. (Note that no MyProxy is needed for DEWS at this stage). 
    29 2.LostWax - install Attribute Authority, Session Manager and MyProxy. LostWax have a target machine running Redhat available. 
    30 3.Establish what will happen at ESSC. 
    31  
    32 At this point we have 23 days work identified. Ideally however, we should have done the following before installing software, and we need to allow for a further 5 days of support for meetings etc.  
    33  
    34 8.Eggify security. Current status: security code is now separated into server, client, common and unit test packages. Ideally all the code components needed by clients (user clients and application clients) should be in easy to install packages. As many server components as possible should also be eggified, but it is recognised that until Twisted is eggified this may not be that useful. (5 days, 33 total). 
    35 1.Complete setup.py script for each package and overall setup.py to create individual eggs for client and server and overall egg to create whole bundle 
    36 2.Add scripting to create configuration files and installation location for the 
    37 3.Scripting to create security scripts for security bin directory (there's a standard egg way of doing this) 
    38 9.Auditing and Logging. Security will need to interact with the Lost Wax logging service. (5 days, 38 total). Note that this can be done after delivery of the security package and done as an update. 
    39 1.Interface with LostWax logging service 
    40 2.Remaining documentation for auditing logging workpackage  
    41
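Review bot: The added task list (new lines 23 to 36) puts sub-tasks at the same " 1." level as their parents: line 25 ("Take Siva's code ..."), lines 31 to 33 (setup.py and scripting) and lines 35 to 36 (logging) are not indented, whereas lines 27 to 29 are, so the wiki will renumber them as top-level items; indent them the same way as 27 to 29. Line 32 is carried over still ending mid-sentence at "installation location for the", so the object of that task is missing. The running totals "(5 days, 33 total)" and "(5 days, 38 total)" are kept on lines 30 and 34 although the "(5 days, 23 total)" figure and the "23 days work identified" paragraph they built on are removed, so the totals no longer add up from anything on the page. On line 23, the note that the logon method requires a patch to M2Crypto should say where the patch is kept and which M2Crypto version it applies to, since the site installs on lines 26 to 29 will depend on a locally patched SSL library until it is accepted upstream.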