Overview
General design and security risk review for upgrading oa4mp.xsede.org and cilogon.org to support the OAuth 2.0 specification.
Review Summary
Will address standard security practicies for Tomcat from Apache and OWASP in the Deployment plan. Will also look into altering the wording on the user page to reflect the fact that the service isn't solely used by Science Gateways anymore using suggestions from Maytal.
Review Output Documents (Final)
No changes to design docs.
Review Input Documents
oa4mp.xsede.org OAuth 2.0 design
cilogon.org OAuth 2.0 design
Review Criteria
- Do the described user behaviors address known user requirements?
- Are the service interfaces secure?
- Are the administrative and support responsibilities spelled out and do they satisfy service availability and support needs?
- Are administrative procedures secure and mitigate risk appropriately?
- Are the service interfaces secure enough?
Schedule
Current Date: 2024-10-05Current Status: Closed (Design and Security Review)
Target Date | Actual Date | Activity Milestone |
---|---|---|
2016-05-17 | Review launch date | |
2016-05-27 | 2016-06-09 | Written feedback due (Reviewers) |
2016-06-03 | 2016-06-09 | Written response date (Review Material Developers) |
2016-06-03 | 2016-06-09 | Final approval due and completion date (Reviewers) |
Review Last Updated: 2016-06-09 9:38 am
Reviewers
If you are a reviewer, please login to sign or withdraw from this review.
Required
- Shane Filus
SIGNED: 2016-05-27 15:40 - Terrence Fleury
SIGNED: 2016-05-18 14:27 - John-Paul Navarro
SIGNED: 2016-05-25 11:53
Optional
- Victor Hazlewood
- Mattias Lidman
- Lee Liming
SIGNED: 2016-05-24 12:39 - Jim Marsteller
- Marlon Pierce
- Tabitha Samuel
SIGNED: 2016-05-17 16:18 - Adam Slagell
SIGNED: 2016-05-17 16:20 - Shava Smallen
Withdrawn
- Rachana Ananthakrishnan
Review Material Developers
Jim Basney
Venkatesh Yekkirala
Review Facilitator
John-Paul Navarro
Please post your comments using the "New topic" or "Post reply" buttons in the forum(s) below.
There are 2 discussion boards in this review. Please scroll down and post comments in the most appropriate board.