Changes between Version 5 and Version 6 of TI12_Security/Security0612


Ignore:
Timestamp:
12/12/06 14:17:41 (13 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TI12_Security/Security0612

    v5 v6  
    1313This is a summary of the remaining tasks for completion of NDG security for DEWS and amounts to around two months effort. 
    1414 
    15  1. WS-Security WebSphere - Python interface (Done) 
    16  1. DEWS: Securing Geoserver. While we expect this work to be done at the Met Office (in cooperation with ESSC), we expect to be providing consultancy on the token signature evaluation etc and coordinating the work  
     15 1. WS-Security !WebSphere - Python interface (Done) 
     16 1. DEWS: Securing Geoserver. While we expect this work to be done at the !MetOffice (in cooperation with ESSC), we expect to be providing consultancy on the token signature evaluation etc and coordinating the work  
    1717 1. Update security WS interfaces for Session Manager, Attribute Authority and Simple CA.  NB: Session Manager interface is complete, Attribute Authority and SimpleCA code is part complete.  
    1818   1. re-write of rpc encoded WSDLs to wrapped/doc/literal style 
     
    2222   1. Refactor signature code removing pyXMLSec code and replacing with new signature code as used with WS-Security signature handler 
    2323   1. Dispense with enveloped signature for Attribute Certificates and rely on signature applied by WS-Security handler at the point of message dispatch 
    24  1. !MyProxy pure python client. Python code to connect to myproxy-server over SSL using M2Crypto and implement the various commands needed as methods of a python client class: myproxy-logon, myproxy-store (add credential to the repository), myproxy-destroy (removes a credential from repository).  Current status: all complete bar integration and unit tests.  logon method requires a patch to M2Crypto.  This needs to be submitted to the M2Crypto developers. 
     24 1. !MyProxy pure python client. Python code to connect to myproxy-server over SSL using M2Crypto and implement the various commands needed as methods of a python client class: myproxy-logon, myproxy-store (add credential to the repository), myproxy-destroy (removes a credential from repository).  Current status:  
     25   1. all complete bar integration and unit tests.   
     26   1. logon method requires a patch to M2Crypto.  This needs to be submitted to the M2Crypto developers. 
    2527 1. Oracle Attribute Authority interface for the Python Attribute Authority (to be based on code developed within NDG at BODC).  
    26  1. Take Siva's code used for BODC Oracle interface and use for LostWax Attribute Authority 
     28   1. Take Siva's code used for BODC Oracle interface and use for !LostWax Attribute Authority 
    2729 1. Install Security at the !MetOffice and !LostWax (and possible ESSC too). Go to sites to install or revise installation guide so that it can be done unsupervised.  
    28    1. MetOffice - install Attribute Authority. (Note that no !MyProxy is needed for DEWS at this stage). 
    29    1. LostWax - install Attribute Authority, Session Manager and !MyProxy. LostWax have a target machine running Redhat available. 
     30   1. !MetOffice - install Attribute Authority. (Note that no !MyProxy is needed for DEWS at this stage). 
     31   1. !LostWax - install Attribute Authority, Session Manager and !MyProxy. !LostWax have a target machine running Redhat available. 
    3032   1. Establish what will happen at ESSC. 
    3133 1. Eggify security. Current status: security code is now separated into server, client, common and unit test packages. Ideally all the code components needed by clients (user clients and application clients) should be in easy to install packages. As many server components as possible should also be eggified, but it is recognised that until Twisted is eggified this may not be that useful. (5 days, 33 total). 
    3234 1. Complete setup.py script for each package and overall setup.py to create individual eggs for client and server and overall egg to create whole bundle 
    33  1. Add scripting to create configuration files and installation location for the 
    34  1. Scripting to create security scripts for security bin directory (there's a standard egg way of doing this) 
    35  1. DEWS Auditing and Logging. Security will need to interact with the Lost Wax logging service. (5 days, 38 total). Note that this can be done after delivery of the security package and done as an update. 
     35   1. Add scripting to create configuration files and installation location for the 
     36   1. Scripting to create security scripts for security bin directory (there's a standard egg way of doing this) 
     37 1. DEWS Auditing and Logging. Security will need to interact with the Lost Wax logging service. Note that this can be done after delivery of the security package and done as an update. 
    3638 1. Interface with LostWax logging service 
    3739 1. Remaining documentation for DEWS auditing logging workpackage