Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "COSMOS Design 209337"
(→'''Workload Estimation''') |
(→'''Task Breakdown''') |
||
Line 109: | Line 109: | ||
== '''Task Breakdown''' == | == '''Task Breakdown''' == | ||
− | The following section includes the tasks required to complete this enhancement | + | The following section includes the tasks required to complete this enhancement: |
− | # | + | # Define the full scope of Security for COSMOS |
+ | # Open the downstream ERs to be completed in later iterations | ||
== '''Open Issues/Questions '''== | == '''Open Issues/Questions '''== |
Revision as of 17:58, 10 January 2008
Contents
Scoping of the COSMOS Security Infrastructure
Change History
Name: | Date: | Revised Sections: |
---|---|---|
Jimmy Mohsin | 01/08/2008 |
|
Workload Estimation
Process | Sizing | Names of people doing the work |
---|---|---|
Design | 3 | Jimmy Mohsin |
Code (not part of this ER) | 8 | Dev Team |
Test (not part of this ER) | 4 | QA Team |
Documentation (not part of this ER) | 1 | |
Build and infrastructure (not part of this ER) | 1 | |
Code review, etc. (not part of this ER) | 1 | |
TOTAL | 12 |
Terminologies/Acronyms
The terminologies/acronyms below are commonly used throughout this document. The list below defines each term regarding how it is used in this document:
Term | Definition |
---|---|
User | An entity representing a user in the organization. This is usually a 1:1 relation between a user and a real person |
Security Provider | Software that implements the various aspects of Security |
Account | an object representing an identity that exists on a specific realm / domain – e.g. login account on UNIX or Oracle. A single user may be associated with a multiple accounts |
Role | an application-centric authorization grouping of users (while group is a resource-based authorization grouping of accounts). |
Purpose
This enhancement is associated with bugzilla 209337.
Thsi ER will define / design / document the full scope of the COSMOS Security Infrastructure. This is the master Security ER; underneath it, multiple ERs will be spawned to address specific areas of the Security. Sepcifically, we need to address
- Authentication
- Encryption
- Authorization
- Approaches for implementing security in COSMOS, i.e. type of Security Providers supported
- Determine connection points where a Security Provider plugs into COSMOS
Security Providers supported by COSMOS
COSMOS should allow an adopter to plug in a Security Provider of their choosing. COSMOS must support the following options:
- Provide support and reference implementations for specified industry standard Security Providers, e.g. LDAP.
- Publish guidelines for hooking in Enterprise class Security Providers
- Ensure full support and compliance with WS-Security
Authentication
COSMOS must support basic user authentication and also support an SSO paradigm.
Authorization
COSMOS will need to support the roles identified in http://wiki.eclipse.org/COSMOS_Use_Cases. Additional roles may be implemented by the Security Provider used by the adopter.
Encryption
COSMOS will not encrypt any data while it is "at rest" in and MDR. This is something that the MDR / repsitory in question shown and control. However, COSMOS will be responsible for encrypting the queries and result sets as they flow through the COSMOS components, e.g. Broker / Domain / etc.
Task Breakdown
The following section includes the tasks required to complete this enhancement:
- Define the full scope of Security for COSMOS
- Open the downstream ERs to be completed in later iterations
Open Issues/Questions
All reviewer feedback should go in the Talk page for 209337.
- How much effort should be expended in addressing proprietary Security Providers?
- How many downstream ERs do we need to open once this ER is complete?