VMIC Work Plan
This
VMIC Work plan is based upon a wish to split and distribute the work involved in developing a
VMIC.
Work shoudl focus on a SVMIC, and attempt to provide the needs of a EVMIC.
Database Scheama.
The database Schema for the straw man, needs improvement. The straw man data base expresses the requirements set in the security group but some alterrnative layouts need to be investigated.
- Try multiple instances of image for each VO/endorsor so allowing tag and VO to be elements of the image for performance reasons.
- Look into defferent expiring models. These seem to store all the update state within the data base.
Develop a script to populate the database with tests data. So that development will be faster.
Clients Methods.
2 Types of clients, Remote and Local. Local clients will interact directly with the database and need to securly connect to the remote server. Remote clients will need to authenticate connecting to the
VMIC.
We have Example clients :
Remote clients.
The following minimum clients are needed for the SVMIC:
- Get image ID by (vo,tag).
- Get image location by ID.
- Check image validity by ID.
- Get supported VO's.
Local Clients.
These include cron scripts. these will need to securly link to remote servers, and manage the expiry of images.
The following minimum clients are needed for an EVMIC.
- Add image to EVMIC.
- De endorse image from EVMIC
General work for clients
This section should include all general work that
VMIC clients need to have completed.
Secure connections.
- X509 connection checking authentication of server.
- infrastructure for checking signatures on imaghes.
Server Methods.
For every client a server interface needs to be developed. The following server methods are needed.
- Get image ID by (vo,tag).
- Get image location by ID.
- Check image validity by ID.
- Get supported VO's.
- Add image to EVMIC.
- De endorse image from EVMIC.
We have
one example here for "Get image ID by (vo,tag)."
Current status.
Progress.
- We have a server (simple multi tier Django implenmetation providing the admin interface for free)
- a DB scheama in first draft which supports the security requirements. (made need optimisation)
- We have example clients showing the code needed to work with Django and x509.
Priorities for work.
These are my current opinions on the highest priroity work
- Show django can be used as a x509 authenticated webserver, and retrive the DN of the client connecting.
- generate a development script to populate the database with test data.
- Add missing essential client server interaction.
- try other database scheamers for performance optimisation.
--
OwenSynge - 05-Jul-2010
Topic revision: r2 - 2010-07-05
- unknown