[Go-essp-tech] Agenda for Security Telco Today
Rachana Ananthakrishnan
ranantha at mcs.anl.gov
Tue Aug 3 11:22:33 MDT 2010
Sharing my notes from the call.
Rachana
Gateway Release
1. Federation-wide Trust Root Management
A. Neill to send email to go-essp requesting for certificate
B. Input from Eric on where in a Gateway install you should pick up
MyProxy CA and the OpenID trustroots
C. All Gateway and Data node owners to send the trust roots
D. Neill generates document with tar.gz and Java trust root
2. Gateway Attribute Service
A. Luca to respond on feasibility to assert a whitelist
B. Nathan H to work on Gateway to attribute service call use
certificate for SSL handshake
C. Eric: PCMDI deployment does not validate client and all connections
should be mutually authenticated
D. Eric: PCMDI deployment did not return any attribute results
E. (?) PCMDI registration request was not unanswered. This needs to be
changed to be automated.
F. (?) Registration currently is automatically approved, and if you
know the confirmation URI, the approval can be spoofed.
3. Gateway SAML Authorization Service
A. Luca has tested AuthZ service at NASA, which is latest code
B. Data node filter updates need to be absorbed for deployment
4. Gateway WGet Scripts
A. Eric making progress on this, on target
B. Phil to follow-up on the wget parameters needed
C. Call to discuss the VeriSign keystore issue (Phil, Rachana, Gavin)
Data Node Release
1. Data Node Authentication/Authorization
A. SAML one has low priority. Use cases where we need the user
attributes via the certificates, since the core attributes are pushed
via OpenID, but not via PKI.
B. RP with email in cookie, not resolved for now
C. Next release: code development is done, needs script integration
and installation (Stephen, Gavin & Luca)
D. Luca/Gavin: to test token and token-less data node install on a
machine with a clean script install to test this. Gavin to setup the
machine, and setup access. Install federation wide trust information
to allow anyone in federation to test this.
3. Configurable Data Node Service to enable/disable token generation
A. Gavin: generate CSR on data node install, and has documentation on
this. PCMDI as the specific contact for now.
B. Rachana to work with Gavin on the document outlining how the
admin can get the host certificate.
* GridFTP on lack of chroot turnkey solution is a blocker for next
data node release.
* Attribute and authorization services need to be able to do mutual
authentication and whitelist users. Blocker for next release.
On Aug 3, 2010, at 7:56 AM, <philip.kershaw at stfc.ac.uk> wrote:
> Hi all,
>
> I’ve compiled an agenda with Rachana for the call today:
>
> http://proj.badc.rl.ac.uk/go-essp/wiki/CMIP5/Meetings/telco100803
>
> There is a lot to get through, probably more than we have time for
> but it’s in rough order of priority so we can see how far we get.
>
> Cheers,
> Phil
Rachana Ananthakrishnan
Argonne National Lab | University of Chicago