Bug 5007

Summary: CAMPAIGN: MyProxy Upgrade for PURSe
Product: PURSe Reporter: Deepti Kodeboyina <dkodeboy@mcs.anl.gov>
Component: PURSeAssignee: Deepti Kodeboyina <dkodeboy@mcs.anl.gov>
Status: ASSIGNED    
Severity: normal CC: ranantha@mcs.anl.gov, rohder@mcs.anl.gov
Priority: P3 Keywords: CDIGS
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description From 2007-02-13 11:31:11
Campaign Leader: Rachana Ananthakrishnan

People: Deepti Kodeboyina
        Rachana Ananthakrishnan

Technologies: PURSe


The current implementation of PURSe requires that the MyProxy Server
be run on the same machine as the portal. The
"myproxy-admin-load-credential" command imposed the limitation. More
recent versions of MyProxy eliminates this and PURSe needs to be
upgraded to use it.

Also, recent versions of the MyProxy server provides CA functionality
and updating PURSe to use this would imply that that the CA signing
key need not be on the same machine as the portal.


The current installations of PURSe require the CA signing key and the
credential store be hosted on the same machine on which the portal is
run. This campaign will allow for mre secure PURSe installation by
allowing credentials and signing key to be stored in a separate, more
protected machine.


(1) Upgrade and test with more recent version of MyProxy Server 
(2) Use myproxy-store rather than mypopxy-admin-load-credential to
store end entity certificates
(3) Test and update document to reflect use of remote MyProxy Server
(4) Investigate use of CA functionality from MyProxy Server
(5) Document API changes required 
(6) Add functionality to use CA functionality from MyProxy Server
(7) Update documentation and tests


Deepti - 100% FTE, 3 weeks 
Rachana - Consultant
------- Comment #1 From 2007-04-05 16:01:59 -------
Patch from Deepti for storing credentials on remote MyProxy server has been