[cosmos-dev] Security scope from a CA perspective - Summit agenda item from CA

 

All,

 

This is in reference to the Security capabilities we need for CA from COSMOS 1.0.  We need a simple implementation that supports authentication ONLY (no authorization, encryption is nice to have).  One of our initial adopter products has a web service that needs three parameters: login, password, and the (graph) query string.

 

Since COSMOS does not have any security today whatsoever, we need to find a way to pass on the login / password from the COSMOS client (and possibly the webUI) to the MDR’s web service.

 

There is NO need to deal with any roles / authorization at this point; I state this explicitly to narrowly define the scope of our initial implementation.  Encryption, while NOT required by the CA product, would be nice to have, assuming it does not add significant time to the implementation.

 

Now some 64 million dollar questions: Do we need Higgins for this limited implementation?  Given our timeframes, should we do a simple / custom authentication implementation for now, and bring in Higgins later when we have elaborate security requirements?  Does anyone have any elaborate requirements at this juncture?  Is Higgins designed for such a simple Security implementation, or would using Higgins for this purpose be like swatting a fly with a tactical nuke?  Has anyone utilized Higgins for a similar scenario in conjunction with another open source (or corporate) project?

 

Thanks,

Jimmy Mohsin

Cell   +1-609-635-1703

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

From: cosmos-dev-bounces@xxxxxxxxxxx [mailto:cosmos-dev-bounces@xxxxxxxxxxx] On Behalf Of Ebright, Don
Sent: Wednesday, May 14, 2008 10:06 AM
To: Cosmos Dev
Subject: RE: [cosmos-dev] Security must-do for COSMOS 1.0

 

Jimmy

 

I think that this is a worthy thing to prioritize, but we need to assess the impact on other requirements.

 

Don

 



 

From: cosmos-dev-bounces@xxxxxxxxxxx [mailto:cosmos-dev-bounces@xxxxxxxxxxx] On Behalf Of Mohsin, Jimmy
Sent: Wednesday, May 14, 2008 9:55 AM
To: Cosmos Dev
Subject: [cosmos-dev] Security must-do for COSMOS 1.0
Importance: High

Don / Mark,

 

Quick note about the Security item for the May Summit meeting…. We have a critical adopter that requires Security internally.  It is essential for us to have a minimal Security implementation for the 1.0 timeframe.  Minimal is defined as the ability to pass on a login-id/password; I have opened a bugzilla entry (231400) for this ER; design document to follow shortly….

 

We would be willing to actively participate from our end to get this capability implemented in i12…  Thoughts?

 

Thanks,

Jimmy Mohsin

Cell   +1-609-635-1703

 

 

 

