Project name

Creation and implementation of a generic authorization schema for web based Site Status Board application

Project description

 

The Experiment Dashboard provides a wide range of applications for monitoring of the LHC computing activities on the WLCG infrastructure. Certain policies define privileges for data access, recording and modifications. The goal of the project is to improve the authentication and authorisation system for the Experiment Dashboard Applications.

Currently the authorisation in the Dashboard applications is based on the User’s credentials recorded in the GRID certificate. Most of applications use the X509 certificates to grant different permissions to various categories of users (like admin rights, or creation of the new metrics).
Potential improvements in this area would be to use e­groups for authorisation enabling rules like ‘all people belonging to a particular
e­group will have admin rights’. E­group is an interface to manage groups at CERN. Authorization based on e­group would provide an easy way to delegate authorization/authentication policy implementation to the group managers rather than to the support team of the monitoring services.

Required skills

Python, some basic knowledge about security for web applications

Learning experience

The student will learn about various options for the implementation of the authentication/authorization for the web applications and will gain experience in choosing and implementing the most appropriate authentication/authorization technique, as well as experience in testing, deployment and validation of the authentication/authorization components.

Project duration

4 months

Project area

Monitoring of the distributed infrastructure

Contact for further details

pablo.saiz@cern.ch

CERN group

IT-SDC

Status

Accomplished Submitted by Catharine Noble on Friday, January 15, 2016 - 11:44.