Present: Donald C, Tom D (notes), Federica A, Berk B, Maarten L, Mischa S, John SDS, Dave D, Linda C, Roberta M, Enrico V
Agenda:
AOB:
- Happy to hear Linda's broadband is working!
- It's too warm
- Good for members to recap the contents of yesterday's DOMA meeting
- Contained a status update on IAM from Berk, and considerations looking forward
- Next Data Challenge in particular, and anticipated Token usage there.
- Expect newer versions of the token profile as new things are identified over the next 1-2 years
- Maarten is optimistic in seeing increasing token usage over the second half of this year, and seeing the infrastructure continuing to grow
- LHCb have requests for the profile to make grid job use cases easier for them to implement, whilst taking use of token power
- Keeping "Fat Tokens" (psuedo VOMS proxies) as fall back
- FTS will need some updates around tape storage elements, but these have seen delays due to unfortunate poor health for Mihai. He is home now, but delays are understandable
- Open issue to be reviewed and closed - currently 12 open
- These all still relevant, and will need attention
- Some current incompleteness, missed/potential missing features need addressing
- Some previous issues may have work around, and some others may now require substantial changes - will require care to ensure done correctly with developers and service managers.
- May need experiments to do some cleanup of their infra, to move towards a simple and sensible model
- Maarten asks Dave D about usage of new IAM version, with Client Credentials
- Haven't got the scope in the yet, but have some machines using it without it
- Waiting on CA Logon updates for next release, including this
- SiGNET CA scheduled to retire. John asks for the date
- Maarten suggests checking the root cert
- Slovenia will be moving to the Geant CA
- Some Belle2 users unable to connect to services (rucio), and were unaware of the SiGNET retirement - but this may not be the cause
- Root expires in ~2months, and so a check for users may be needed (22/08)
- Next version of CERN grid CA due in a few months. Will move automatically, with the issuer updated.
- Discussed Issues around checking issuer and subject within Certificate, linking to: https://github.com/indigo-iam/iam/issues/1029
- Work underway for IAM 2.0, to move to a version that is not dependent on MitreID
- Potentital proof of concept EOY 2026
- Release anticipated Q1 2027
- Development support available for the IAM development team, due to new contracts.
- IAM team are available to support CERN update next week, if necessary
There are minutes attached to this event.
Show them.