Identity/EngPlan/VESEngPlan

From MozillaWiki
Jump to: navigation, search

Overview

Identity Server Engineering plan.

This document addresses the build portions of the Identity Service Server

Key People

Technical Lead: JR Conlin
Additional Developers: Rob Miller , Dave Dahl
Project Manager: Dan Mills
Product Manager: Dan Mills
UX: TBD

Work Items

Verified Email Server

Top-level tracking bug: bug 663887

Port existing code to new VEP specifications

Assigned to: jrconlin
Bug: 663276
Assumes/Depends On: Finalization of the internal Certificate format
Working Estimate: *code complete as of 2011Jun13*

Best case:
Worst case:
Most Likely:

Misc. server deployment tasks and checks (LDAP connection, Mail server, etc.)

Assigned to: jrconlin
Bug: N/A
Assumes/Depends On: Working VES
Working Estimate: *code complete as of 2011Jun14*

Best case: 1 day
Worst case: 5 days
Most Likely: 1 days

Long term data storage for VES

Assigned to: jrconlin
Bug: N/A
Assumes/Depends On: finalization of the VES data requirements
Working Estimate: *code complete as of 2011Jun13*

Best case:
Worst case:
Most Likely:

Complete work on server admin page (address registration)

Assigned to: jrconlin
Bug: N/A
Assumes/Depends On: Completion of UX designs, Completion of core server
Working Estimate: *code complete as of 2011Jun13*

Best case: 3 days
Worst case: 4 days
Most Likely: 6 days

Integrate to Clients

Assigned to: jrconlin
Bug: 664575
Assumes/Depends On: completion of baseline server and client
Working Estimate: 4 days

Best case: 2 days
Worst case: 6 days
Most Likely: 4 days

Performance testing for VES

Assigned to: jrconlin
Bug: 664578
Assumes/Depends On: Working VES
Working Estimate: 4 days

Best case: 1 day
Worst case: 6 days
Most Likely: 4 days

Validating unit test coverage for QA

Assigned to: jrconlin
Bug: 664579
Assumes/Depends On: Working VES
Working Estimate: 4 days

Best case: 1 day
Worst case: 6 days
Most Likely: 4 days

External Dependencies

Integrate to account portal for account creation.

Assigned to: jrconlin
Bug: 666081
Assumes/Depends On: Account portal able to create accounts and be accessed as service.
Working Estimate: 4 days

Best case: 2 days
Worst case: Unknown (external dependency)
Most Likely: 2 days

Security Review

Assigned to: jrconlin, opsec-TBD
Bug: 664579
Assumes/Depends On:
Working Estimate: 'REQUIRES SCHEDULING'

Best case: 1 day
Worst case: 5 days
Most Likely: 2 days

Security Review

= Checklist

Product Goal: Provide authenticated email addresses as signed identity certificates to client libraries.

Solutions and Approaches considered: The application uses the Verified Email Protocol. Internally, the library uses the following components:

  • Services core architecture:
    • nginx, python2.6, gunicorn, webob, beaker, etc.
  • M2Crypto (contains centralized rsa, Crypto and wraps OpenSSL library)
  • python-cjson (high speed json serializer)

Rationale for final solution: M2Crypto was chosen for two reasons: 1. It wraps OpenSLL, meaning that it's not trying to implement function independently of a proven library 2. It's fast.

cjson was chosen because it was far faster than native python JSON libraries, and this library does a LOT of JSON.

We are using redis as our back-end storage because it provides simple key::data storage. The data storage mechanism is abstracted, and can be replaced with another system if need be.

Known security threats and issues: Currently, the "admin" portions (providing the page to allow users to add and disable accounts) is meant to be called only from locally served pages, but could be spoofed. There is currently a stubbed local check function, however no method has yet been implemented.

We are working with ops to identify methods to provide adequate protection from XSS.

Summary:


Package and Deploy server to Beta

Assigned to: jrconlin
Bug: 664582
Assumes/Depends On: Working service, Available beta platform
Working Estimate: 1 day

Best case: 1 day
Worst case: 3 days
Most Likely: 1 day

Q.A. testing

Assigned to: TBD
Bug: TBD
Assumes/Depends On: Working Service; jrconlin provides proper testing architecture
Working Estimate: 11 days

Best case: 5 days
Worst case: 20 days
Most Likely: 10 days

Timeline

Expected Completion

Most tasks can be parallelized with clients working off of the base server. There is some imperative in getting the base server operational on a test platform in order to provide the clients with a baseline to work from.

Working Estimate: TBD

Milestones

Milestone 1: Server Base Configuration

The server needs to work with the services base platform architecture (LDAP connectivity, data storage, and like). At this milestone, the various underlying architecture components have been resolved and preliminary connections have been made.

  • Associated Bugs: 663276, (§3.1.2 & §3.1.3)
  • Working Estimate: Done
  • Expected completion: Done
  • Requirements Resolved: R3.1, R3.7

Milestone 2: User Admin pages operational

The server will need to provide some user administration pages (e.g. login, email registration, management, etc.) At this milestone, the pages would be created and operational, but still may require UI/UX intervention.

  • Associated Bugs: (§3.1.4)
  • Working Estimate: Done
  • Target Completion: Done
  • Requirements Resolved: R3.2, R3.4, R3.5, R3.6

Milestone 3: Integrate with Client code

The server needs to be able to properly pass certification info to the client, as well as provide support for admin calls and other functions. At this milestone, the client will be able to successfully collect certificates from the server for registered emails and display various admin pages where necessary.

  • Associated Bugs: 664575, 664597
  • Working Estimate: 4 days
  • Target Completion TBD
  • Requirements Resolved: R3.3

Milestone 4: Performance and Testing analysis

In order for the code to be deployed, there must be some baseline determination of its demands on the server hardware. It must also operate correctly and with the protocol specifications. At this milestone, the server will have adequate unit tests as well as a set of load tests will have been run to determine the maximum effective traffic a server can handle with a base configuration.

  • Associated Bugs: 664578, 664579
  • Working Estimate: 8 days
  • Target Completion: TBD

Milestone 5: Wrapup

The server needs documentation and be packaged for deployment and testing. At this milestone, the server will be in a beta consumer ready state. Documentation and packaging may not be finalized, but they should be at a point where an external developer can set up and use the system with no prior knowledge of the system and minimal assistance.

  • Associated Bugs: 664579, 664582, (§3.1.11)
  • Working Estimate: 13 days
  • Target Completion: TBD