wiki:TI12_Security/betaCriticalPath

Version 4 (modified by lawrence, 12 years ago) (diff)

questions for Phil

Critical Path for BETA+Security

Issues

  1. Do we deploy at all NDG partners / only BADC / BADC + one other? We would need at least the latter to demonstrate role mapping and cross site single sign on.
    • (BNL) All partners need to have it working!
  2. Do we need a completed SimpleCA Web Service? It's not a straightforward upgrade from the Alpha version because the client for Alpha required a Globus client. As with MyProxy we want this eliminated for beta. Nb. the SimpleCA Web Service would be superceded in any case if we make the planned change later this year to use MyProxy as a CA. In the meantime we can run a batch script to generate all the certificates we need at BADC without the need to use an upgraded SimpleCA service. Generation of all user certs at other sites could be more problematic. However, BODC for example only had a handful of users set-up for NDG Alpha tests.
    • (BNL) I think all the sites (except us) will only have test users.
    • (BNL) In general I don't know the answer to the question, because I've lost track of when we need this particular service ... can you elaborate?

Tasks

  1. Complete Development
    1. Attribute Authority (done)
    2. MyProxy Client (done)
    3. WS-Security interface (done) This is now modified to allow inclusion of certificate trust chains required with use of proxy certificates.
    4. Security Eggs (done) but require minor tweaks.
    5. Session Manager - minor changes [1 day, total 1]
    6. Login Service [3 days, total 4]
      • What does this have to do? Take a url with a redirect in it, offer some hosts, and throw it off to those hosts? Or are you including the development of the host login service (takes a username password, looks up the my proxy, creates a wallet etc. I don't understand why this is a three day task.
    7. NDG Session Client. This enables other partners to call NDG security from their non-Python based client code by calling it as an executable script. It needs upgrading from the Alpha version. [1 day, total 5]
    8. Convert to Python 2.5 (will require minor changes e.g. to fix ElementTree import statements. No other known issues. [1 day, total 6]
    9. Simple CA Service (not essential to BETA+Security - see Issues above) [3 days, total 9]
    10. Logging Service (not essential to BETA+Security - Logging is not integrated into the rest of NDG Security but it's desirable. There is a problem in the syslogger call which needs flagging with the Python mailing list) [2 days, total 11]
  2. Deploy at BADC
    1. Client egg install (Bryan so that he can link up Browse services) [1 day, total 12]
    2. Server egg install on glue [1 day, total 13]
    3. Postgres Attribute Authority plugin [1 day, total 14]
  3. Deploy at BODC [suggested deployment at one other site - see Issue 1) above]
    1. Browse config + Security Client egg install [1 day, total 15]
    2. Server egg install [1 day, total 16]
    3. Oracle Attribute Authority plugin [1 day, total 17]
  1. Integration testing, bug fixes [4 days, total 21]