Identity/EngPlan/VESEngPlan
Overview
Identity Server Engineering plan.
This document addresses the build portions of the Identity Service Server
Key People
| Technical Lead: | JR Conlin |
| Additional Developers: | Rob Miller , Dave Dahl |
| Project Manager: | Dan Mills |
| Product Manager: | Dan Mills |
| UX: | TBD |
Work Items
Verified Email Server
Top-level tracking bug: bug 663887
Port existing code to new VEP specifications
| Assigned to: | jrconlin |
| Bug: | 663276 |
| Assumes/Depends On: | Finalization of the internal Certificate format |
| Working Estimate: | *code complete as of 2011Jun13*
Best case: |
Integrate to Clients
| Assigned to: | jrconlin |
| Bug: | 664575 |
| Assumes/Depends On: | completion of baseline server and client |
| Working Estimate: | 4 days
Best case: 2 days |
Complete work on server admin page (address registration)
| Assigned to: | jrconlin |
| Bug: | N/A |
| Assumes/Depends On: | Completion of UX designs, Completion of core server |
| Working Estimate: | *code complete as of 2011Jun13*
Best case: 3 days |
Long term data storage for VES
| Assigned to: | jrconlin |
| Bug: | N/A |
| Assumes/Depends On: | finalization of the VES data requirements |
| Working Estimate: | *code complete as of 2011Jun13*
Best case: |
Performance testing for VES
| Assigned to: | jrconlin |
| Bug: | 664578 |
| Assumes/Depends On: | Working VES |
| Working Estimate: | 4 days
Best case: 1 day |
Validating unit test coverage for QA
| Assigned to: | jrconlin |
| Bug: | 664579 |
| Assumes/Depends On: | Working VES |
| Working Estimate: | 4 days
Best case: 1 day |
Misc. server deployment tasks and checks (LDAP connection, Mail server, etc.)
| Assigned to: | jrconlin |
| Bug: | N/A |
| Assumes/Depends On: | Working VES |
| Working Estimate: | *code complete as of 2011Jun14*
Best case: 1 day |
External Dependencies
Security Review
| Assigned to: | jrconlin, opsec-TBD |
| Bug: | 664579 |
| Assumes/Depends On: | |
| Working Estimate: | 'REQUIRES SCHEDULING'
Best case: 1 day |
Security Review
= Checklist
Product Goal: Provide authenticated email addresses as signed identity certificates to client libraries.
Solutions and Approaches considered: The application uses the Verified Email Protocol. Internally, the library uses the following components:
- Services core architecture:
- nginx, python2.6, gunicorn, webob, beaker, etc.
- M2Crypto (contains centralized rsa, Crypto and wraps OpenSSL library)
- python-cjson (high speed json serializer)
Rationale for final solution: M2Crypto was chosen for two reasons: 1. It wraps OpenSLL, meaning that it's not trying to implement function independently of a proven library 2. It's fast.
cjson was chosen because it was far faster than native python JSON libraries, and this library does a LOT of JSON.
We are using redis as our back-end storage because it provides simple key::data storage. The data storage mechanism is abstracted, and can be replaced with another system if need be.
Known security threats and issues: Currently, the "admin" portions (providing the page to allow users to add and disable accounts) is meant to be called only from locally served pages, but could be spoofed. There is currently a stubbed local check function, however no method has yet been implemented.
We are working with ops to identify methods to provide adequate protection from XSS.
Summary:
Package and Deploy server to Beta
| Assigned to: | jrconlin |
| Bug: | 664582 |
| Assumes/Depends On: | Working service, Available beta platform |
| Working Estimate: | 1 day
Best case: 1 day |
Q.A. testing
| Assigned to: | TBD |
| Bug: | TBD |
| Assumes/Depends On: | Working Service; jrconlin provides proper testing architecture |
| Working Estimate: | 11 days
Best case: 5 days |
Timeline
Expected Completion
Most tasks can be parallelized with clients working off of the base server. There is some imperative in getting the base server operational on a test platform in order to provide the clients with a baseline to work from.
Working Estimate: TBD
Milestones
Milestone 1: Completion of the Identity Server
- server should be deployed to a test configuration with access to test LDAP and some level of backend storage.
- user should be able to perform minimal account related actions
- Working Estimate: Done
- Expected completion: Done
Milestone 2: Working integration of server and client code
- client should be able to work with the existing server
- client should be able to provide basic VEP service to a demo 3rd party site
- Working Estimate: 4 days
- Target Completion: Jun 21
Milestone 3: QA and Infrasec signoff
- library test suite is finalized and infrasec has reviewed the code and found no major security violations.
- Working Estimate: 2 days
- Completion Date: TBD
Milestone 4: Deployment to Beta server
- Code is deployed to a public accessible server (beta) for preliminary testing and user feedback.
- Pending Issues: Beta Server configuration.
- Working Estimate: 2 days
- Target Completion: TBD