DOMA / TPC Meeting

Europe/Zurich

Attending:

- Alessandra F, Andrea C, Andrew H, Brian B, Fabrizio F, Horst S., Lucia, Oliver K, Rizart D., Haykahi, Dmitry L, Andrea M

Protocol Updates:

- Xrootd: Continued work on the multistream transfers for Xrootd TPC.
- HTTP: Nothing of note - everything continues on quietly.

Token-based AuthN/Z for DOMA data transfers:

- Document discussed.
- One token or two?  If the token is generated when the FTS transfer is started, the question is a bit irrelevant: the code change needed to generate a second one is pretty minimal.
- How much trust do we put in FTS?  The document uses client_credentials (CMS trusts FTS), while the existing mechanism uses a delegation of trust (CMS Rucio is trusted, and Rucio delegates to FTS).
- Suggestion: reshuffle the proposal so there is a token exchange at the FTS side.
- FTS would be able to change the scope and audiences.
- Token exchange vs client credentials:
  - Client credentials causes FTS to be completely trusted.  Very simple.
  - Token exchange causes FTS to be delegated quite a bit of authority.  Requires refresh tokens.
- Does FTS currently support token exchange?  To investigate.
- To reduce the number of tokens, maybe we can just use fine-grained audiences and not fine-grained scopes?
- Audience: the "storage endpoint" name of the SE?  The GocDB name?  The endpoint name of the current host.
  - Let's not use the GocDB name -- site admins may not know it, and it doesn't add much.
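
Added example, not part of the minutes or of FTS: a sketch of the "fine-grained audiences, coarse scopes" idea, with FTS making one RFC 8693 token exchange per endpoint and each storage endpoint refusing tokens whose audience is not its own host name. The host names, scope string and function names are constructed for illustration, and the claims passed to the check are assumed to come from a token whose signature was already verified.

```python
from urllib.parse import urlsplit

# Grant and token type identifiers defined in RFC 8693 (OAuth 2.0 Token Exchange).
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"


def endpoint_audience(url):
    """Audience value: the endpoint host name of the storage element (lower case)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host


def exchange_requests(subject_token, src_url, dst_url, scope):
    """Form fields for the two exchanges (hypothetical helper): same coarse scope,
    audience pinned to the source and to the destination endpoint respectively."""
    return [
        {"grant_type": TOKEN_EXCHANGE,
         "subject_token": subject_token,
         "subject_token_type": ACCESS_TOKEN,
         "scope": scope,
         "audience": endpoint_audience(url)}
        for url in (src_url, dst_url)
    ]


def audience_ok(claims, my_host):
    """Storage-side check on decoded claims: 'aud' may be a string or a list
    (RFC 7519); a token with a missing or empty 'aud' is refused."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if not isinstance(aud, list) or not aud:
        return False
    return my_host.lower() in (a.lower() for a in aud if isinstance(a, str))


if __name__ == "__main__":
    # Constructed sample values; token, hosts and scope are placeholders.
    src, dst = exchange_requests("SUBJECT-TOKEN-PLACEHOLDER",
                                 "https://se-a.example.org:1094/store/f.root",
                                 "https://se-b.example.org:443/store/f.root",
                                 "storage.read storage.modify")
    print(src["audience"], dst["audience"])
    source_claims = {"aud": src["audience"], "scope": src["scope"]}
    # The source token is accepted at se-a and refused at se-b.
    print(audience_ok(source_claims, "se-a.example.org"),
          audience_ok(source_claims, "se-b.example.org"))
```

With a client_credentials grant the `subject_token` fields disappear and FTS asks for the token purely on its own authority, which is the "completely trusted" case noted above.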

 

 

    • 17:30 17:35
      Xrootd Protocol Update 5m
      Speaker: Wei Yang (SLAC National Accelerator Laboratory (US))
    • 17:35 17:40
      HTTP Protocol Update 5m
      Speaker: Brian Paul Bockelman (University of Nebraska Lincoln (US))
    • 17:40 18:20