WLCG AuthZ Call

Thursday 29 Apr 2021, 15:00 → 16:00 Europe/Zurich

Proposed agenda: 

• Announcements/Info
  • CMS user sync
• Discussions:
  • WLCG Token Transition Timeline Comments https://docs.google.com/document/d/11fcZU8fEsfjDiSkjh95nVr4tNXLPCA_xwr2SwriBpiw/
     
• Parking lot
  • Standardisation of CE capability requirements https://github.com/WLCG-AuthZ-WG/common-jwt-profile/pull/11
  • MyProxy Equivalent for tokens

Zoom meeting:

Please ensure you are signed up to project-lcg-authz@cern.ch to receive the meeting password!

Join Zoom Meeting
https://cern.zoom.us/j/94718857994

Meeting ID: 947 1885 7994
Password: <see email>
One tap mobile
+41432107042,,94718857994# Switzerland
+41432107108,,94718857994# Switzerland

Dial by your location
        +41 43 210 70 42 Switzerland
        +41 43 210 71 08 Switzerland
        +41 31 528 09 88 Switzerland
        +33 1 7037 9729 France
        +33 7 5678 4048 France
        +33 1 7037 2246 France
Meeting ID: 947 1885 7994
Find your local number: https://cern.zoom.us/u/abjrVtLBu4

Join by SIP
94718857994@188.184.85.92
94718857994@188.184.89.188

Join by H.323
188.184.85.92
188.184.89.188
Meeting ID: 947 1885 7994
Password: <see email>

Notes WLCG AuthZ Meeting

Participants: Irwin, DaveD, DaveK, Mine, Tom, Julie, Maarten, Petr, Jim, Andrii, Andrea, Brian, Enrico, Jeff, Alessandra, James

Notes:

• User Sync
  • Working fine for CMS, no errors reported
  • ATLAS more problematic, will be worked on next week. Strategy for duplicates not sound, Petr has proposed a different approach (for some users override email with one provided by Petr). Should be done next week.
  • Mapping groups to capabilities, how will this be done? Can be done over curl at the moment but not possible through dashboard. Andrea working on this and will process.
• CHEP presentation, Tom Dack will present
• GDB token presentation, Dave did Vault last month. We need a volunteer for the next one.
  • CE side would be a good topic
    • Jeny testing with CEs with good results
  • VOMS import for CMS and ATLAS
  • Advertise new VOMS RPMs
  • Fermilab status report
  • FTS and 3rd party copy
    • Issue is that test framework is not used and frequently broken
• VOMS RPMs, Maarten created a new RPM. Should this RPM only contain new VOMS endpoints or other things too? Sites will have to configure their services with trusted IAM and VOMS endpoints - should the number of RPMs be minimised?
  • Andrea, keep RPM VOMS focused until clearer what configuration we should distribute
  • Progress made on OSG side as well

Actions:

• Reserve GDB slots
  • May OSG/Glidein WMS - Brian
  • May VOMS import status (short) - Andrea
  • June Fermilab Status - Mine
  • July token transfers (if ready) - Petr ?
• Maarten create VOMS RPMs for CMS and ATLAS, put into WLCG repo and announce on list
• Andrea and Andrii meet r.e. Dirac use cases