REVIEW-65: XCI-419 Gateway attribute submission improvements for 2018 - Design/Security Review

Overview

General design and security risk review for a set of improvements to the gateway_submit_attributes tool.

Review Summary

The reviewers noted one concern about the APIKeys in a sqlite database will be backed up. After further consideration with XDCDB group this design choice was altered and agreed upon to store this information in the XDCDB database, which is already well managed and backed up.  Other consideration was to identify an automated method to securely issue APIKeys to the Gateways, after discussion and review of choices, XSEDE's Kerberos  authentication will be used to validate users to issue APIKeys. Finally, a usage attribute was deemed necessary for inclusion to support Jetstream which does not provide granular usage like batch systems.

Review Output Documents (Final)

XCI-419_Gateway Attribute Submission Improvements_v1.3.pdf

Review Input Documents

XCI-419_Gateway Attribute Submission Improvements_v1.1.pdf

Review Criteria

Please focus on these questions:

  1. Does the proposed design provide the required functionality
  2. Does the proposed design follow XSEDE security guidelines and best practices
  3. Does the proposed design mitigate significant security risks
  4. Could the proposed design be improved

Schedule

Current Date: 2023-06-08
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2018-10-04 Review launch date
2018-10-15 2019-05-29 Written feedback due (Reviewers)
2018-10-19 2019-07-25 Written response date (Review Material Developers)
2018-10-22 2019-07-25 Final approval due and completion date (Reviewers)
Review Created: 2018-10-04 3:38 pm
Review Last Updated: 2019-07-25 4:44 pm

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • Jim Basney
    VIEWED: 2019-10-03 15:03
    SIGNED: 2018-10-04 16:34
  • Amit Chourasia
    VIEWED: 2019-01-10 13:40
    SIGNED: 2018-10-17 12:43
  • John-Paul Navarro
    VIEWED: 2019-05-29 09:19
    SIGNED: 2018-11-15 14:35
  • Marlon Pierce

Optional

  • Steven Gallo
    VIEWED: 2018-10-11 10:07
  • Victor Hazlewood
  • Jim Marsteller
  • Robert Quick
    VIEWED: 2018-10-15 15:52
  • Robert Sinkovits

Review Material Developers

Scott Sakai

Review Facilitator

John-Paul Navarro

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.


National Science Foundation (NSF)

© XSEDE All Rights Reserved. Visit the Feedback page for assistance or to provide feedback.
The Extreme Science and Engineering Discovery Environment is supported by the National Science Foundation.
Administrative Login