Please refer to the updated version at: https://twiki.cern.ch/twiki/bin/view/EGEE/EGEEgLiteWorkPlans

Security work plan

Task TCG # Effort Time to Start Estimated End
UH.HIP
voms validator ``debacle" --- JH Finished.
Checking for voms admin memory leak in util-java. (BasicVOMSTruststore refresh) --- JH Now Priority.
namespace enforcement in trustmanager - namespace definition parser . new format . old format - overhaul CA cert, CRL, namespace file loading . new option: securityDir @ within this dir load .[0-9] as CAs @ .r[0-9] as CRLs @ *.namespace as namespace constraint @ new format overrides old format --- JH Ongoing End of August
Hostname checking in client side during handshake --- JH August Mid-September
INFN
VOMS
voms server cert in voms AC - Server, and for the C/C++ APIs --- VC Done
voms server cert in voms AC - Java API --- VC Ongoing
vomses directory structure vo name restriction support - Server, and for the C/C++ APIs --- VC Done
vomses directory structure vo name restriction support- Java API --- VC Ongoing
NIKHEF
glexec
Deployment of glexec+LCAS+LCMAPS on a CE head node for testing. Later also on WNs with the code as is. 313 OK June Done, WMS testing now.
Call-out to remote authZ/credential mapping services, such as a centralized LCMAPS service, WSS, GUMS or gAAA. --- OK June August
The error of glexec itself should be separatable from the error returned by the command run by glexec. (Condor requirement) --- GV August August
In addition to running a command as a certain user it should be possible to copy a file and chown() it. (Condor requirement) --- GV September September
Fine grained error codes for glexec 313 GV September September
The use of a configuration file with a hardcoded location --- GV Later
Clean up of glexec code (Get rid of the unused apache suexec code). --- GV ????
LCMAPS/LCAS
Refine the proxy lifetime checking in the corresponding lcas/lcmaps plugin --- OK July Done
Implement globus C authZ call-out interface to be able to plug lcas and lcmaps into gt3,gt4 services. 313 OK July August
Finer grained error codes --- OK July October
Service frontend for LCAS and LCMAPS, which allows for a centralized management of LCAS and LCMAPS. This is in particular important for deployment of glexec on worker nodes. 313 ?? ?? 4 weeks
Call-out to remote authZ and credential mapping services 313 ?? ??
wildcard matching in grid/group mapfiles --- ?? November November
Job Repository
Integration into gLite 3.x 313 ?? Ongoing.
Deployment and tests with glexec --- OK July End of August
UvA
No input.
UIB
No input.
KTH
No input.
Other
proxy renewal within the service 103a DK Done. Split from WMS as a library. Integration by FTS needed.
Establishment of trust between the service and myproxy 103b DK Done. Given to MyProxy.

-- Main.grandic - 27 Jun 2006

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2008-01-21 - LaurenceField
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback