Creation and implementation of a generic authorization schema for web based Site Status Board application
Project name
Creation and implementation of a generic authorization schema for web based Site Status Board applicationProject description
The Experiment Dashboard provides a wide range of applications for monitoring of the LHC computing activities on the WLCG infrastructure. Certain policies define privileges for data access, recording and modifications. The goal of the project is to improve the authentication and authorisation system for the Experiment Dashboard Applications.

Currently the authorisation in the Dashboard applications is based on the User’s credentials recorded in the GRID certificate. Most of applications use the X509 certificates to grant different permissions to various categories of users (like admin rights, or creation of the new metrics).
Potential improvements in this area would be to use egroups for authorisation enabling rules like ‘all people belonging to a particular
egroup will have admin rights’. Egroup is an interface to manage groups at CERN. Authorization based on egroup would provide an easy way to delegate authorization/authentication policy implementation to the group managers rather than to the support team of the monitoring services.
Required skills
Python, some basic knowledge about security for web applicationsLearning experience
The student will learn about various options for the implementation of the authentication/authorization for the web applications and will gain experience in choosing and implementing the most appropriate authentication/authorization technique, as well as experience in testing, deployment and validation of the authentication/authorization components.Project duration
4 monthsProject area
Monitoring of the distributed infrastructureContact for further details
pablo.saiz@cern.chCERN group
IT-SDCStatus
AccomplishedFrederic Saam
La Haute Ecole d'Ingénierie et de Gestion du Canton de Vaud (HEIG-VD)
Pablo Saiz
Project finished 31 Jul 2015