Globus Connect Server version 5 (GCSv5) uses server certificates to establish secure connections with data access clients and in the management service. By default, Globus automatically registers a domain name and provisions certificates for GCSv5 servers. This review describes that design and presents two options that could be implemented by Globus to enable XSEDE service providers to manage their own DNS entries and select their own server certificates.
Feedback was provided to Globus that lead to a design was under development late in 2020. New initial implementation design document will be reviewed separaty.
Review Output Documents (Final)
Review Input Documents
- Are there any security or design concerns with XSEDE service providers "SPs" choosing the default GCSv5 DNS and certificate configuration?
- Do SPs need a custom certification configuration option? If yes:
- Which one is preferred and satisfies the most requirements?
- Are there security concerns or risks that should be mitigated for the preferred option?
- Are there design improvements you would recommend for the the preferred option?
ScheduleCurrent Date: 2023-02-08
Current Status: Closed (Design and Security Review)
|Target Date||Actual Date||Activity Milestone|
|2019-12-18||Review launch date|
|2020-01-10||Written feedback due (Reviewers)|
|2020-01-13||2020-12-18||Written response date (Review Material Developers)|
|2020-01-17||2020-12-18||Final approval due and completion date (Reviewers)|
Review Last Updated: 2020-12-18 3:49 pm
If you are a reviewer, please login to sign or withdraw from this review.
- John-Paul Navarro
VIEWED: 2020-12-18 15:49
SIGNED: 2020-12-18 15:48
- Derek Simmel
VIEWED: 2020-01-16 14:34
SIGNED: 2020-01-16 14:34
- Jim Basney
- Victor Hazlewood
- Matt Kollross
VIEWED: 2020-01-08 12:24
- Scott Sakai
VIEWED: 2020-04-09 14:35
- Alexander Withers
Review Material Developers