Please refer to the updated version at: https://twiki.cern.ch/twiki/bin/view/EGEE/EGEEgLiteWorkPlans
Security work plan
| Task | TCG # | Effort | Time to Start | Estimated End |
|---|---|---|---|---|
| UH.HIP | ||||
| voms validator ``debacle" | --- | JH | Finished. | |
| Checking for voms admin memory leak in util-java. (BasicVOMSTruststore refresh) | --- | JH | Now | Priority. |
| namespace enforcement in trustmanager - namespace definition parser . new format . old format - overhaul CA cert, CRL, namespace file loading . new option: securityDir @ within this dir load .[0-9] as CAs @ .r[0-9] as CRLs @ *.namespace as namespace constraint @ new format overrides old format | --- | JH | Ongoing | End of August |
| Hostname checking in client side during handshake | --- | JH | August | Mid-September |
| INFN | ||||
| VOMS | ||||
| voms server cert in voms AC - Server, and for the C/C++ APIs | --- | VC | Done | |
| voms server cert in voms AC - Java API | --- | VC | Ongoing | |
| vomses directory structure vo name restriction support - Server, and for the C/C++ APIs | --- | VC | Done | |
| vomses directory structure vo name restriction support- Java API | --- | VC | Ongoing | |
| NIKHEF | ||||
| glexec | ||||
| Deployment of glexec+LCAS+LCMAPS on a CE head node for testing. Later also on WNs with the code as is. | 313 | OK | June | Done, WMS testing now. |
| Call-out to remote authZ/credential mapping services, such as a centralized LCMAPS service, WSS, GUMS or gAAA. | --- | OK | June | August |
| The error of glexec itself should be separatable from the error returned by the command run by glexec. (Condor requirement) | --- | GV | August | August |
| In addition to running a command as a certain user it should be possible to copy a file and chown() it. (Condor requirement) | --- | GV | September | September |
| Fine grained error codes for glexec | 313 | GV | September | September |
| The use of a configuration file with a hardcoded location | --- | GV | Later | |
| Clean up of glexec code (Get rid of the unused apache suexec code). | --- | GV | ???? | |
| LCMAPS/LCAS | ||||
| Refine the proxy lifetime checking in the corresponding lcas/lcmaps plugin | --- | OK | July | Done |
| Implement globus C authZ call-out interface to be able to plug lcas and lcmaps into gt3,gt4 services. | 313 | OK | July | August |
| Finer grained error codes | --- | OK | July | October |
| Service frontend for LCAS and LCMAPS, which allows for a centralized management of LCAS and LCMAPS. This is in particular important for deployment of glexec on worker nodes. | 313 | ?? | ?? | 4 weeks |
| Call-out to remote authZ and credential mapping services | 313 | ?? | ?? | |
| wildcard matching in grid/group mapfiles | --- | ?? | November | November |
| Job Repository | ||||
| Integration into gLite 3.x | 313 | ?? | Ongoing. | |
| Deployment and tests with glexec | --- | OK | July | End of August |
| UvA | ||||
| No input. | ||||
| UIB | ||||
| No input. | ||||
| KTH | ||||
| No input. | ||||
| Other | ||||
| proxy renewal within the service | 103a | DK | Done. Split from WMS as a library. Integration by FTS needed. | |
| Establishment of trust between the service and myproxy | 103b | DK | Done. Given to MyProxy. | |
Topic revision: r5 - 2008-01-21 - LaurenceField
- EGEE Web
- EGEE Web Home
- gLite
- ProductTeams
- SA3
- JRA1
- TMB
- EMT
- SA1
- SA2
- NA2
- NA4
- EGEE-UIG
- List of registered projects
- List of EGEE-RP interactions
- Changes
- Index
- Search
Main.WebList
 |
|
Copyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback