WLCG AuthZ call

Description

Proposed agenda: 

- OAuth token exchange for WLCG Storage Elements (Google doc)

Zoom meeting:

Please ensure you are signed up to project-lcg-authz@cern.ch to receive the meeting password!

Join Zoom Meeting
https://cern.zoom.us/j/94718857994

Meeting ID: 947 1885 7994
Password: <see email>

Participants

Andrea Ceccanti, Maarten Litmaath, Dave Kelsey, Dave Dykstra, Brian Bockelman, Andrii Lytovchenco, David Crooks, Tom Dack, Enrico Vianello, Gabriel Zachmann, Irwin Gaines, Jeffrey Gainor, Jim Basney, Joao Pedro Lopes, John De Stefano, Julie Marsh, Linda Cornwall, Marcelo Vilaca, Mihai Patrascoiu, Petr Vokac, Roberta Miccoli, Ian Collier

Notes

Discussion focused on how to implement scalable fine-grained access tokens for WLCG data management, and on whether we need a token exchange endpoint at WLCG SEs to exchange VO-issued tokens (i.e. WLCG JWTs) for storage-issued tokens.

Three possible approaches were presented, and the pros and cons of each were discussed within the group.

Summarizing:
- Agreement in the group that token exchange and attenuation should happen centrally at the VO token issuer.
- IAM needs to be reliable and highly scalable. Some discussion on how we could optimize IAM token management (e.g., avoid storing tokens in the database if they are short-lived). The IAM team will look into this and report at a future meeting.
- Agreement that we need a more formal description of the token flows to understand all the implications (reliability, scalability, traceability, changes required in the software, etc.). Andrea will create a Google Doc with the revised version of the diagrams shown during the call.

Actions

- @Andrea: create the Google Doc describing the flows

Next meeting

- Sept. 2nd. Hannah will circulate the proposed agenda.
