Feature #23265

Feature #23091: Reliable, flexible and secure logging system for distributed workflows

Feature #23117: Additional logging channel

Add security mechanisms to the glidein logging channel

Added by Leonardo Lai 7 days ago. Updated 6 days ago.

Status: Work in progress
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 09/12/2019
Due date:
% Done: 0%
Estimated time:
Stakeholders:
Duration:

Description

With the new glidein logging system, logs are occasionally sent from the glideins to a remote HTTP server for storage. The internet being inherently insecure, additional security mechanisms must be adopted to prevent these messages from being intercepted or tampered with, and to authenticate all the involved entities.

The implemented system should be relatively lightweight so as not to compromise scalability (the number of glideins); extremely secure measures are not really required in this case, as the log messages are not meant to contain strictly confidential information. Nevertheless, we don't want anybody in the network to easily read/steal these messages, or forge spurious ones.

The initial idea is to add an encryption layer (SSL/TLS) to protect the traffic, and JSON Web Tokens for authentication.

History

#1 Updated by Leonardo Lai 7 days ago

Glideins now exchange messages with the remote server through HTTPS.
The server uses its x509 certificate signed by IGTF CA.

#2 Updated by Leonardo Lai 6 days ago

  • Status changed from New to Work in progress

