WLCG AuthZ Call

Europe/Zurich
Description

Notes:

Previous Actions:

  •  


Proposed agenda:

  • TBC - in email

 

Zoom meeting:

Link below, in the videoconference section. Please ensure you are signed in to Indico to see the meeting password!

Next Meeting: 

  • Jul 9
Zoom Meeting ID
61554826915
Description
Zoom room for WLCG AuthZ Call
Host
Tom Dack
Alternative hosts
Maarten Litmaath, Hannah Short
Useful links
Join via phone
Zoom URL

Present: Donald C, Tom D (notes), Federica A, Berk B, Maarten L, Mischa S, John SDS, Dave D, Linda C, Roberta M, Enrico V

 

Agenda:

  • No topics were raised

 

AOB:

  • Happy to hear Linda's broadband is working!
  • It's too warm
  • Good for members to recap the contents of yesterday's DOMA meeting
  • Contained a status update on IAM from Berk, and considerations looking forward
    • Next Data Challenge in particular, and anticipated Token usage there.
    • Expect newer versions of the token profile as new things are identified over the next 1-2 years
    • Maarten is optimistic in seeing increasing token usage over the second half of this year, and seeing the infrastructure continuing to grow
    • LHCb have requests for the profile to make grid job use cases easier for them to implement, whilst taking use of token power
      • Keeping "Fat Tokens" (psuedo VOMS proxies) as fall back
    • FTS will need some updates around tape storage elements, but these have seen delays due to unfortunate poor health for Mihai. He is home now, but delays are understandable
  • Open issue to be reviewed and closed - currently 12 open
    • These all still relevant, and will need attention
    • Some current incompleteness, missed/potential missing features need addressing
    • Some previous issues may have work around, and some others may now require substantial changes - will require care to ensure done correctly with developers and service managers.
    • May need experiments to do some cleanup of their infra, to move towards a simple and sensible model
  • Maarten asks Dave D about usage of new IAM version, with Client Credentials
    • Haven't got the scope in the yet, but have some machines using it without it
    • Waiting on CA Logon updates for next release, including this
  • SiGNET CA scheduled to retire. John asks for the date
    • Maarten suggests checking the root cert
    • Slovenia will be moving to the Geant CA
    • Some Belle2 users unable to connect to services (rucio), and were unaware of the SiGNET retirement - but this may not be the cause
    • Root expires in ~2months, and so a check for users may be needed (22/08)
    • Next version of CERN grid CA due in a few months. Will move automatically, with the issuer updated.
    • Discussed Issues around checking issuer and subject within Certificate, linking to: https://github.com/indigo-iam/iam/issues/1029
  • Work underway for IAM 2.0, to move to a version that is not dependent on MitreID
    • Potentital proof of concept EOY 2026
    • Release anticipated Q1 2027
    • Development support available for the IAM development team, due to new contracts.
    • IAM team are available to support CERN update next week, if necessary

 

There are minutes attached to this event. Show them.
The agenda of this meeting is empty