General design and security risk review for upgrading oa4mp.xsede.org and cilogon.org to support the OAuth 2.0 specification.
Will address standard security practicies for Tomcat from Apache and OWASP in the Deployment plan. Will also look into altering the wording on the user page to reflect the fact that the service isn't solely used by Science Gateways anymore using suggestions from Maytal.
Review Output Documents (Final)
No changes to design docs.
Review Input Documents
oa4mp.xsede.org OAuth 2.0 design
cilogon.org OAuth 2.0 design
- Do the described user behaviors address known user requirements?
- Are the service interfaces secure?
- Are the administrative and support responsibilities spelled out and do they satisfy service availability and support needs?
- Are administrative procedures secure and mitigate risk appropriately?
- Are the service interfaces secure enough?
ScheduleCurrent Date: 2023-06-08
Current Status: Closed (Design and Security Review)
|Target Date||Actual Date||Activity Milestone|
|2016-05-17||Review launch date|
|2016-05-27||2016-06-09||Written feedback due (Reviewers)|
|2016-06-03||2016-06-09||Written response date (Review Material Developers)|
|2016-06-03||2016-06-09||Final approval due and completion date (Reviewers)|
Review Last Updated: 2016-06-09 9:38 am
If you are a reviewer, please login to sign or withdraw from this review.
- Shane Filus
SIGNED: 2016-05-27 15:40
- Terrence Fleury
SIGNED: 2016-05-18 14:27
- John-Paul Navarro
SIGNED: 2016-05-25 11:53
- Victor Hazlewood
- Mattias Lidman
- Lee Liming
SIGNED: 2016-05-24 12:39
- Jim Marsteller
- Marlon Pierce
- Tabitha Samuel
SIGNED: 2016-05-17 16:18
- Adam Slagell
SIGNED: 2016-05-17 16:20
- Shava Smallen
- Rachana Ananthakrishnan
Review Material Developers
Please post your comments using the "New topic" or "Post reply" buttons in the forum(s) below.
There are 2 discussion boards in this review. Please scroll down and post comments in the most appropriate board.